Three weeks ago, Microsoft released a blog post asking Windows users to update their machines immediately, after the company discovered a major vulnerability that could lead to the next WannaCry disaster.
Nicknamed BlueKeep and tracked as CVE-2019-0708, this vulnerability could be particularly devastating. According to Microsoft and security experts, BlueKeep is potentially ‘wormable’, which means it could spread across the web without any user interaction, just like the dreaded WannaCry ransomware attack from a few years back.
While some people listened to the warnings and applied the security patch, most users still haven’t updated Windows to the latest, most secure version.
Now, both Microsoft and the National Security Agency (NSA) are essentially begging people to update their older Windows systems in order to avert a devastating cyberattack.
Rob Joyce from the NSA retweeted the NSA Cybersecurity Requirement Center advisory, warning that “potentially millions of machines are still vulnerable.”
This is particularly alarming because organizations that frequently use antiquated computers and operating systems are found everywhere, from energy companies to state agencies. As a result, an attack that exploits the BlueKeep vulnerability could paralyze infrastructure and cripple essential services, just like the WannaCry ransomware attack of 2017.
“It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems,” says the NSA.
You can read the full NSA advisory here, as it also contains valuable security advice to increase the overall safety of your computers.