Microsoft discovered a potentially dangerous vulnerability, exposing older versions of Windows to cyber-attacks. This flaw, known as BlueKeep, is so severe that it could create an attack as big as the WannaCry ransomware from 2017. After several warnings to install patches, Microsoft feared people weren’t listening. Now, the National Security Agency (NSA) has stepped in to issue an advisory. It is estimated that over one million older Windows computers are vulnerable and can be exploited by the BlueKeep flaw!
What is BlueKeep?
BlueKeep, or CVE-2019-0708, is a new security vulnerability discovered by Microsoft on May 14, 2019. The flaw can affect Windows 7, Windows XP, Windows Vista, Windows 2003, Windows Server 2008 R2, and Windows Server 2008. The vulnerability could be exploited remotely using Remote Desktop Protocol (RDP) without any user interaction.
BlueKeep is a “wormable” flaw; meaning if the computer is connected to the internet, any future viruses or hackers can exploit this vulnerability and rapidly spread from computer to computer. This flaw can be utilized to remotely run malware on the system level, which has full access to the computer. Because of this worm-quality, any unprotected or unpatched computer connected to the internet can be at risk.
If your computer doesn’t have the latest patch, a hacker can exploit the flaw and gain complete access to your computer and everything stored on it. If you have more than one computer, the hacker or piece of malware can quickly spread to other computers in your home or office without warning.
How to Keep “BlueKeep” Out?
The NSA is worried a crippling, global attack like WannaCry could happen again. Typically, NSA does not intervene in matters that relate to consumer cybersecurity; this type of warning would normally be issued by Homeland Security. However, due to the severity of the threat, the NSA needed to vocalize their very real concerns.
While Microsoft officials say they haven’t seen the BlueKeep flaw exploited yet, it’s only a matter of time. It is very likely that attackers are learning how to weaponize the flaw to execute large-scale attacks in the coming months.
Microsoft released patches to repair the vulnerability. In fact, the BlueKeep flaw is so dangerous, that Microsoft published a patch for Windows XP, despite discontinuing updates back in 2014.
To prevent future attacks, it is vital that any vulnerable systems are patched immediately. Users should also ensure they are allowing and updating their systems regularly. Users are also encouraged to migrate to a newer Windows operating system. All Windows 8 or Windows 10 systems are already protected and are not affected by BlueKeep.
About IT Support RI
If you’re one of our Office Solutions customers, you’re protected from BlueKeep! At IT Support RI, we specialize in keeping a variety of businesses safe and protected. With services like our Behavioral Antivirus & Malware Protection and Software Patch Management, we’re your best defense against threats! You can also learn more by checking out our latest Quick Security Byte – BlueKeep Vulnerabilty and scheduling a Cyber Security Risk Assessment with us!
We offer flat rate IT support for the technology in your business. Our “Office Solutions” service plan includes enterprise-grade antivirus protection, local and offsite backups, service from a dedicated team of qualified technicians, and much more! To learn more, visit www.ITsupportRI.com/managed-services/.