The National Security Agency (NSA) has issued a rare advisory in which it warned of the risk associated with the ‘Bluekeep’ threat facing users of legacy Windows systems.
Indeed, the threat is deemed to be so serious that Microsoft released the BlueKeep patch for out-of-support systems including Windows XP and Windows 2003, last month.
And earlier this week micro-patching service 0patch released a fix for the “BlueKeep” flaw aimed at always-on systems that for one reason or another cannot be rebooted, or cannot apply Microsoft patches.
Microsoft at the time of its patch said that the flaw was so bug so bad that it cloud lead to massive global computer virus outbreak like the WannaCry malware, so it has issued a rare patch for both XP and Windows 2003.
Windows XP launched way back in 2001 and Microsoft had ended its official support for XP back in April 2014.
In-support systems including Windows 7, Windows Server 2008 R2 and Windows Server 2008 are also affected, but Windows 8 and Windows 10 are not.
The issue, tracked as CVE-2019-0708, affects Remote Desktop Services.
It bypasses authentication steps and does not require user interaction, meaning it could be exploited to create a “worm” that spreads automatically from one vulnerable system to another.
The exploit was also reportedly used by ransomware that targeted the city of Baltimore last month, hobbling the city’s public services for weeks.
Since Microsoft’s alert several third-party security researchers said they have developed working exploits for BlueKeep.
Into this has stepped the top secret US intelligence service, the NSA.
It warned in its advisory that legacy versions of Windows were at serious risk.
“The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats,” it said. “Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet.”
It said that despite Microsoft’s patch (CVE-2019-0708), potentially millions of machines are still vulnerable.
“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability,” the NSA said. “For example, the vulnerability could be exploited to conduct denial of service attacks.
“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability,” it said. “NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
Security experts were quick to point out that the problem stems from people not upgrading to more modern operating systems.
“It’s shocking to think that some people and businesses are still not using the most up to date software or operating systems after everything we hear about and multiple cyber attacks,” said Jake Moore, Cyber Security specialist from ESET.
“Patching the operating system isn’t as inconvenient as people may think which is possibly the main reason that some don’t do it.,” said Moore. “Microsoft has made it very easy to update, and they shouldn’t be taken lightly. We need to change the attitude of some who miss a few updates to consolidate those updates in the “next one.”
“Furthermore, up to date antivirus is just as important,” Moore added. “However, it becomes insignificant without an up to date OS.”
“Although this particular vulnerability is directed at Windows, iOS users need to remember that they too need antivirus and remember to keep up to date,” he warned. “Far too often, I still hear from Apple users that they don’t require computer protection. This myth has been debunked many times in recent years, and they need to act fast.”
Do you know all about security? Try our quiz!
After previously expressing its concern, the British Government now confirms a national security review of…