NSA Wants Windows 7, XP Users to Update ASAP
The National Security Agency (NSA) wants users to update their Windows 7 or XP computers because of a critical security vulnerability capable of inflicting devastating damage.
The vulnerability, called BlueKeep, was discovered a few weeks ago in older versions of Windows, including Windows 7, Vista, XP and Server 2008.
The flaw is so serious that Microsoft was quickly released patches for Windows XP, an operating system the software giant stopped supporting five years ago, as well as Windows 7 and Server 2008 (Vista got nothing, however.)
If that wasn't alarming enough, Microsoft released not one but two statements comparing BlueKeep to the WannaCry attacks, and warning that this new flaw is "wormable," and could spread from one machine to the next.
Yesterday (June 4), the NSA released an advisory strongly urging Windows users and administrators to update their older systems with the Microsoft patch.
“Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows,” the NSA wrote. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
While we don't have a firm number on how many systems have been affected, the NSA says "potentially millions" of Windows PCs are vulnerable. When Microsoft published its second statement on May 30, it was in response to an independent security researcher's finding that nearly one million computers connected to the internet were still defenseless against an attack.
The NSA is worried that malicious attackers could use the vulnerability to create malware that could spread ransomware or other exploits.
"This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," the NSA advisory reads. "For example, the vulnerability could be exploited to conduct denial-of-service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability."
While systems running Windows 8 and later are protected from BlueKeep, many companies and organizations continue to use old software that supports legacy programs. The systems they use could potentially house sensitive information that could be used against them by a bad actor.
We strongly encourage everyone using an older version of Windows to update their PCs with these patches as soon as possible.
Windows 10 Security and Networking