Last week, Microsoft warned that some older versions of its operating system could be at risk of cyber attacks, with the EternalBlue vulnerability – which was responsible for high-profile incidents such as the WannaCry ransomware attacks in 2017 – a particularly significant danger.
This warning has now been reinforced by an advisory from the NSA, which highlighted a new flaw known as BlueKeep that is present in Windows 7, Windows XP, Server 2003 and Server 2008.
“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability,” the organisation stated. “[The] NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
Microsoft has warned this vulnerability is potentially ‘wormable’, meaning it could spread across the internet without user interaction. While the software firm has developed a patch for the exploits, it is likely that millions of machines remain vulnerable.
“We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact and are seeking to motivate increased protections against this flaw,” the NSA continued.
While the NSA issues security advisories to private businesses and IT administrators on a regular basis, BBC News reported that the added attention the BlueKeep vulnerability has received, including its social media activities, illustrates the particularly dangerous nature of the flaw.
Unpatched systems have long been one of the biggest causes of cyber attacks, and Microsoft commented: “Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible.”