About three weeks ago the BlueKeep security vulnerability was revealed to the public and Microsoft released a patch, not just for the newer systems but also for XP, Server 2003 and Vista, something very rare for Microsoft to do. Now the NSA is repeating what Microsoft has been saying. From a Gizmodo news article:
“Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows,” the NSA advisory read. “Microsoft has warned that this flaw is potentially ‘wormable,’ meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
“Although Microsoft has issued a patch, potentially millions of machines are still vulnerable,” the NSA wrote.
“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks,” it added. “It is likely only a matter of time before remote exploitation tools are widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”
It’s almost certain that we’ll see malware exploiting this vulnerability at some point. In addition to the NSA’s concerns, the U.S. cybersecurity firm McAfee and exploit sales company Zerodium each independently said last month that they’d seen the flaw exploited.
It’s been about three weeks since BlueKeep was fixed. It took two months for WannaCry to be unleashed around the world. Following reports last week of around a million still-vulnerable machines, NSA wrote Tuesday that “potentially millions of machines are still vulnerable.”