Users of older Windows software warned of security risks
Last week, Microsoft warned some older versions of its operating system could be at risk of cyber attacks, with the EternalBlue vulnerability – which was responsible for high-profile attacks such as the WannaCry ransomware attacks in 2017 – a particularly significant danger.
This warning has now been reinforced by an advisory from the NSA, which highlighted a new flaw known as BlueKeep that is present in Windows 7, Windows XP, Server 2003 and Server 2008.
“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability,” the organisation stated. “[The] NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
Microsoft has warned this vulnerability is potentially ‘wormable’, meaning it could spread across the internet without user interaction. While the software firm has developed a patch for the exploits, it is likely that millions of machines remain vulnerable.
“We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact and are seeking to motivate increased protections against this flaw,” the NSA continued.
While the NSA issues security advisories to private businesses and IT administrator on a regular basis, BBC News reported the added attention the BlueKeep vulnerability has received, which includes its social media activities, illustrates the particularly dangerous nature of the flaw.
Unpatched systems have long been one of the biggest causes of cyber attacks and Microsoft commented: “Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible.”
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.