Sat. Jun 6th, 2020

Microsoft Issues Second Warning for Users to Patch ‘Wormable’ BlueKeep Flaw

Microsoft has issued a second advisory urging users to update their systems to prevent WannaCry-style malware.

 

Earlier this month, the software giant released an update for BlueKeep, a “wormable” vulnerability in Remote Desktop Services for Windows that can allow attackers to remotely run code, such as malware or ransomware, on a vulnerable computer. Worse, the vulnerability allows that malware to spread to other computers on the same network “in a similar way as the WannaCry malware,” which spread across the globe in 2017, causing billions of dollars in damage.

Although there is no sign of an active attack yet, the company says it is “confident” that an exploit exists for the vulnerability. Sadly, almost one million internet-connected computers are vulnerable to the attack, a figure that could be higher if servers at the enterprise firewall level are hit.

Thursday’s post advised “that all affected systems should be updated as soon as possible.” Microsoft also reminded users that WannaCry wasn’t unleashed until two months after the release of MS17-010, the update that patched the vulnerability exploited by WannaCry.

Microsoft is urging anyone who is running a vulnerable computer to update at once. The flaw affects versions from Windows XP through Server 2008 R2. Anyone using one of these versions should ensure a patch is in place.