[ad_1]
It's not every day that the National Security Agency asks you to update your computer.
Three weeks ago, a critical Windows security vulnerability called BlueKeep was revealed and fixed. In this short time, Microsoft has repeatedly asked users of older versions of Windows to make sure their computers are up to date. The company has even released patches for Windows XP, Server 2003, and Vista, a list of unsupported operating systems that typically do not receive much attention.
It is now a US intelligence agency echoing Microsoft.
"Microsoft's recent warnings have highlighted the importance of installing patches to fix a protocol vulnerability in older versions of Windows," reads the NSA's notice. "Microsoft has warned that this vulnerability is potentially" vermicular ", which means that it could spread without user interaction on the Internet.We found that devastating worms inflicted significant damage to systems. uncorrected and seeking increased protection against this flaw. "
This is Rob Joyce from NSA on Twitter:
In addition to its most famous global electronic surveillance offensive mission, the NSA is also responsible for defending US networks. The NSA's Cyber Security Requirements Center drafted the notice, which listed the affected systems and guidelines for mitigating them.
The Microsoft warning compares BlueKeep to WannaCry, the notorious worm ransomware 2017 allegedly developed by North Korea that allegedly infected hundreds of thousands of computers and caused millions of dollars in damage.
Although BlueKeep is mainly about older versions of Windows, there are still millions of older Windows machines that are not supported, and, whether you know it or not, are still used in important locations. It is not uncommon for a US energy company, for example, to have a Windows XP machine somewhere on the network. This is when using an old machine becomes a vulnerability for a critical infrastructure. The Department of Defense is also famous for its use of older Windows machines.
"Although Microsoft has released a patch, millions of machines are potentially vulnerable," the NSA wrote.
"This is the type of vulnerability that malicious cyber-actors frequently exploit by using software code that specifically targets this vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks, "he added. "It's probably only a matter of time before remote operating tools are widely available for this vulnerability." The NSA fears that malicious cyber-actors will use the vulnerability contained in a ransomware and exploit kits containing other known exploits, thus increasing the capabilities compared to other uncorrected systems. "
Simon Pope, of Microsoft, urged users of an old Windows machine to update:
It is almost certain that malware will exploit this vulnerability at some point. In addition to the concerns of the NSA, the US cybersecurity company McAfee and the sales company Zerodium each independently declared last month that they had seen the fault exploited.
It has been about three weeks since BlueKeep has been corrected. It took WannaCry two months to go wild around the world. After last week, nearly 1 million machines still vulnerable were reported, the NSA wrote Tuesday that "millions of machines are potentially vulnerable."
Cybersecurity experts will keep their eyes open for months. So hold on, this one is not even close to ending.
[ad_2]
Source link