If you're a Windows user who has not updated your operating system a few weeks after the Bluekeep vulnerability was discovered, an NSA warning may be enough to motivate you.
Bluekeep is a vulnerability that was compared to the 2007 WannaCry devastating malware, which has caused havoc on computer systems around the world and caused millions of dollars worth of damage. There is a concern that systems running older versions of Windows, such as Windows 7, are particularly prone to Bluekeep.
The NSA recommendation described in detail here indicates that Bluekeep is a vulnerability in the Remote Desktop feature of older versions of Windows. "The National Security Agency is calling on Microsoft Windows administrators and users to ensure that they are using a patched and updated system in the face of growing threats," the recommendation says potentially "wormbar", which means it without user interaction via the Internet. We have seen devastating computer worms that are causing damage to unpatched systems with far-reaching effects, and we are trying to ensure greater protection against this error.
The notes note that these are the affected versions of Windows:
- Windows XP [1
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Microsoft has released a patch, but millions of computers are reportedly still vulnerable. The NSA is concerned that hackers are exploiting this ransomware vulnerability and exploiting kits containing other known exploits, thus improving their capabilities over other unprotected systems. The Bluekeep vulnerability could also be used to conduct denial-of-service attacks, according to the agency.
"The NSA urges everyone to invest time and resources to know your network and run supported operating systems with the latest patches," it also states that Windows 10 systems are protected from the bug, and only the mentioned older versions of Windows concern. "This is not only crucial for the protection of national security systems by the NSA, but for all networks."