In an advisory published this week, the NSA has urged “Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat.” That threat is BlueKeep, which has already been the focus of multiple “update now” warnings from Microsoft itself.
The NSA warning comes off the back of research that revealed just under one million internet-facing machines are still vulnerable to BlueKeep on port 3389, used by the Microsoft Remote Desktop feature, and nobody knows how many devices are at risk within the internal networks beyond. The potential is certainly there for this threat, if exploited, to be on the scale of WannaCry.
The NSA’s advisory notes that BlueKeep is a vulnerability in the remote desktop feature on legacy versions of Windows. “The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats,” the advisory reads.
Microsoft, it continues, has warned that the BlueKeep flaw “is potentially ‘wormable,’ meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
The advisory notes that these are the affected versions of Windows:
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Microsoft has issued a patch, but millions of machines are reportedly still vulnerable. The NSA says it’s concerned that hackers will use this vulnerability in ransomware and exploit kits that contain other known exploits, increasing their capabilities against other unprotected systems. The BlueKeep vulnerability could also be used to conduct denial of service attacks, according to the agency.
“NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches,” the advisory continues, also noting that Windows 10 systems are protected against the flaw and that it only affects the named older versions of Windows. “This is critical not just for NSA’s protection of National Security Systems but for all networks.”