NSA announcement advises 'legacy' Windows users to patch their machines against 'BlueKeep' vulnerability
The NSA is helping Microsoft spread the wordBy Cohen Coberly 14 comments
Late last month, Microsoft warned the public that the newly-discovered "BlueKeep" RDP vulnerability -- which is present in Windows XP, 7, Server 2008, and Server 2003 -- could be as serious as WannaCry, a well-known series of worldwide "ransomware" attacks that occurred back in 2017.
Patches for the BlueKeep vulnerability do exist, but it seems quite a few (roughly one million, according to Mspoweruser) machine owners haven't bothered to install the fixes. Whether that's because these individuals are unaware of their existence, or believe that they won't be impacted by potential exploits, we can't say for sure. In either case, Microsoft has tried its best to convince them to patch their systems, but to no avail, it seems.
Fortunately, the tech giant has just received a powerful helping hand from the US' National Security Agency (NSA). The organization today published an advisory, which warns users about the dangers of BlueKeep, while strongly advising anyone running a "legacy" version of Windows to patch their machines ASAP.
The following excerpt from the NSA's full advisory summarizes their statements:
The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats... Microsoft has warned that this flaw is potentially "wormable," meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.
Obviously, despite the NSA's status, this advisory will not guarantee results. Still, it's certainly better than nothing, and it's nice to see the organization taking the security of internet users seriously.
Hopefully, the agency's voice, combined with reports like this and announcements from Microsoft itself, will prompt the remaining holdouts to patch their machines against BlueKeep sooner rather than later. Though no worms exploiting the vulnerability appear to have been spread just yet, researchers have created several proof-of-concept attacks already, so it's only a matter of time before less savory individuals come up with similar worms.