The National Security Agency (NSA) wants users to update their Windows 7 or XP computers because of a critical security vulnerability capable of inflicting devastating damage.
The vulnerability, called BlueKeep, was discovered a few weeks ago in older versions of Windows, including Windows 7, Vista, XP and Server 2008.
The flaw is so serious that Microsoft quickly released patches for Windows XP, an operating system the software giant stopped supporting five years ago, as well as Windows 7 and Server 2008. (Vista got nothing, however.)
If that wasn't alarming enough, Microsoft released not one but two statements comparing BlueKeep to the WannaCry attacks, and warning that this new flaw is "wormable" and could spread from one machine to the next.
Yesterday (June 4), the NSA released an advisory strongly urging Windows users and administrators to update their older systems with the Microsoft patch.
“Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows,” the NSA wrote. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
While we don't have a firm number on how many systems have been affected, the NSA says "potentially millions" of Windows PCs are vulnerable. When Microsoft published its second statement on May 30, it was in response to an independent security researcher's finding that nearly one million computers connected to the internet were still defenseless against an attack.
The NSA is worried that malicious attackers could use the vulnerability to create malware that could spread ransomware or other exploits.
"This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability," the NSA advisory reads. "For example, the vulnerability could be exploited to conduct denial-of-service attacks. It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability."
While systems running Windows 8 and later are protected from BlueKeep, many companies and organizations continue to use old software that supports legacy programs. The systems they use could potentially house sensitive information that could be used against them by a bad actor.
We strongly encourage everyone using an older version of Windows to update their PCs with these patches as soon as possible.