The vulnerability, called BlueKeep, was discovered a few weeks ago in older versions of Windows, including Windows 7, Vista, XP and Server 2008. The flaw is so serious that Microsoft quickly released patches for Windows XP, an operating system the software giant stopped supporting five years ago, as well as Windows 7 and Server 2008 (Vista got nothing, however). If that wasn’t alarming enough, Microsoft released not one but two statements comparing BlueKeep to the WannaCry attacks, and warning that this new flaw is “wormable,” and could spread from one machine to the next.

Yesterday (June 4), the NSA released an advisory strongly urging Windows users and administrators to update their older systems with the Microsoft patch. “Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows,” the NSA wrote. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”

While we don’t have a firm number on how many systems have been affected, the NSA says “potentially millions” of Windows PCs are vulnerable. When Microsoft published its second statement on May 30, it was in response to an independent security researcher’s finding that nearly one million computers connected to the internet were still defenseless against an attack.

The NSA is worried that malicious attackers could use the vulnerability to create malware that could spread ransomware or other exploits. “This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability,” the NSA advisory reads. “For example, the vulnerability could be exploited to conduct denial-of-service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability.”

While systems running Windows 8 and later are protected from BlueKeep, many companies and organizations continue to use old software that supports legacy programs. The systems they use could potentially house sensitive information that could be used against them by a bad actor. We strongly encourage everyone using an older version of Windows to update their PCs with these patches as soon as possible.
