If you are a Windows user who has not updated your system since the BlueKeep vulnerability was disclosed a few weeks ago, a warning from the National Security Agency (NSA) may change your mind. BlueKeep is reported to be comparable to the 2017 malware WannaCry, which caused devastating damage to computer systems worldwide and millions of dollars in losses.
The NSA warns that computers running older versions of Windows, such as Windows 7, are particularly vulnerable to BlueKeep attacks.
According to the NSA report, “Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially ‘wormable,’ meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
NSA is raising their own concern that the Microsoft RDP flaw (#BlueKeep) is of significant risk to unpatched systems. Patch and protect! https://t.co/hj1c40psma
— Rob Joyce (@RGB_Lights) June 4, 2019
Microsoft also warned that the BlueKeep vulnerability may be wormable, meaning it could spread across the Internet without user interaction. The following system versions are affected:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Although Microsoft has released patches, a report shows that millions of machines are still extremely vulnerable. The NSA said it is concerned that hackers will use this vulnerability in ransomware and in exploit kits containing other known exploits, increasing their ability to attack other unpatched systems. The NSA wrote:
Although Microsoft has issued a patch, potentially millions of machines are still vulnerable. This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks.
It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.