The National Security Agency is urging Microsoft Windows users and administrators to make sure they are using an updated version of Windows amid "growing threats" of cybersecurity-related damage.
The NSA’s Tuesday advisory specifically references the “BlueKeep” vulnerability, which can be used by malicious actors to conduct “denial of service” attacks. Such an attack shuts down a system, making it inaccessible to its users. This vulnerability could also be used by hackers to conduct ransomware attacks and lock users out of their systems.
The agency noted that while Microsoft has issued a patch for this vulnerability, millions of systems have still not been updated. This is particularly dangerous since the BlueKeep vulnerability is “wormable,” meaning it can spread “without user interaction across the internet.”
“NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches,” the NSA wrote in its advisory.
The warning comes one week after Microsoft issued a reminder to Windows users to update all impacted systems “as soon as possible.”
Microsoft released five patches for the BlueKeep vulnerability on May 14 and wrote in a blog post that “while we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”
Windows systems impacted by the vulnerability include Windows XP, Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. The NSA noted that newer Windows 10 systems are already protected from this vulnerability.