In the beginning of June 2019, the National Security Agency (NSA) published an advisory urging all Microsoft Windows users to update their older Windows systems to protect against a vulnerability nicknamed BlueKeep.
Microsoft’s original security notice, which was posted at the end of May 2019, stated that older versions of Windows could be vulnerable to cyber-attacks. The flaw is also ‘wormable’, meaning it could spread without user interaction across the internet and could be exploited and weaponized.
BlueKeep affects computers using old versions of the Microsoft Windows operating system including Windows 7, Windows XP, Server 2003 and 2008, which means that millions of machines could be exposed.
This is the kind of vulnerability that is commonly exploited by cyber attackers with the use of code that targets the vulnerability. The NSA’s primary concern is that cyber attackers will use the vulnerability in ransomware and exploit kits, increasing their ability to attack and weaken other systems. The NSA warned that matters needed to be dealt with by users quickly, before the exploitation code became widely available.
The NSA’s concern stems from previous experience with the WannaCry virus, which infected over 230,000 computers around the world in 2017 and caused billions of dollars’ worth of damage. Among the highest-profile targets was the UK’s National Health System, which was forced to cancel thousands of appointments after its systems were infected.
To avoid similar occurrences that could be a threat to national security Microsoft issued a BlueKeep patches for Windows 7 and Windows XP so users can update their systems to protect themselves. It is also worth mentioning that Microsoft customers running the later versions of Windows, including Windows 8 and Windows 10 are not affected by this vulnerability. However, to protect yourself further you can also Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall.
If this post was useful, you might also find these posts helpful:
- How can I update WhatsApp following the latest cyberattack it suffered?
- Are my software applications making my computer vulnerable to cyber-attack?
- What is a DDoS attack?
and watch former ethical hacker Jason Hart cybersecurity tutorials: