Microsoft : Windows 7, Windows XP computers vulnerable to BlueKeep malware: Microsoft revealed a major Windows security vulnerability earlier this month, that could see a widespread “wormable” attack that spreads from one vulnerable computer to the next. Microsoft has warned that nearly one million computers globally are still at risk of malware attack similar to WannaCry that spread worldwide in 2017 causing billions of dollars in damage.
The software giant recently discovered “wormable” vulnerability in Remote Desktop Services for Windows that can automatically spread. Engadget reported on Friday that the company has issued its second advisory, urging users to update their systems to prevent the “BlueKeep” malware attack.
“Microsoft is confident that an exploit exists for this vulnerability,” warns Simon Pope, director of incident response at Microsoft’s Security Response Center (MSRC). “It’s been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods.”
Pope notes that it was nearly two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected. The EternalBlue exploit was leaked publicly, allowing hackers to create malware freely. This new BlueKeep flaw hasn’t yet been publicly disclosed, but that doesn’t mean there won’t be malware. Pope says, “It is possible that we won’t see this vulnerability incorporated into malware. But that’s not the way to bet.”
This new major Windows security exploit involves a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions like Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. These operating systems still make up a big chunk of the overall Windows machines in use, especially in corporate environments. “The vulnerability can be used to run code at the system level, allowing full access to the computer, including its data. TechCrunch reported, “Worse, it is remotely exploitable, allowing anyone to attack a computer connected to the internet.”
Microsoft said, “Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible.”
Windows 8 and Windows 10 are not vulnerable to the new bug.