It's not every day that the National Security Agency asks you to update your computer.
Three weeks ago, a critical Windows vulnerability called BlueKeep was uncovered and fixed. In that short time, Microsoft has repeatedly asked users of older versions of Windows to make sure their computers are up to date. The company even released fixes for Windows XP, Server 2003, and Vista ̵
Now it is an American secret service oriented to Microsoft.
"Recent warnings from Microsoft emphasized the importance of installing patches to fix a protocol vulnerability in older versions of Windows," the NSA's recommendation states. "Microsoft has warned that this bug may be" wormable, "meaning that it can spread across the Internet without any user interaction.We have seen devastating computer worms that are causing havoc with unpatched systems with far-reaching implications, and are seeking increased protection against to motivate this mistake. "
Here is Rob Joyce of the NSA on Twitter:
In addition to their more well-known offensive mission of global electronic surveillance, the NSA has The NSA's Cybersecurity Requirement Center has issued a recommendation listing the systems and mitigation measures involved.
The Microsoft warning compares BlueKeep to WannaCry, the notorious ransomware worm of 2017, allegedly developed by North Korea and infected hundreds of thousands of computers and M illion millions of damage caused in US dollars.
Although BlueKeep mainly affects older versions of Windows, there are still millions of old, unsupported Windows computers – and believe it or not, they are still used in important places. For example, it is not uncommon for an American energy company to have a Windows XP computer anywhere on the network. In this case, using an old machine becomes vulnerable to critical infrastructures. The Department of Defense is also known for using old Windows computers.
"Although Microsoft released a patch, millions of computers may still be vulnerable," the NSA wrote.
"This is the type of vulnerability that malicious cyber actors often exploit by using software code that is specifically designed to address the vulnerability. For example, the vulnerability could be exploited to perform denial-of-service attacks, "he added. "It's probably only a matter of time until remote exploit tools are generally available for this vulnerability. The NSA fears that malicious cyber actors are exploiting the vulnerability in ransomware and exploiting kits with other known exploits to improve their capabilities over other non-patched systems. "
Simon Pope of Microsoft requested anyone to update with an old Windows computer:
It is almost certain that malware will exploit this vulnerability at some point. In addition to the concerns of the NSA, US cybersecurity firm McAfee and exploit distributor Zerodium announced independently that the error had been exploited last month.
About three weeks ago, BlueKeep was fixed. It took two months for WannaCry to be released around the world. According to reports from last week about one million more vulnerable machines, the NSA wrote on Tuesday that "maybe even millions of machines are vulnerable".
Cybersecurity experts will keep their eyes open for months. So buckle up, that's not over yet.