Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)
In the wake of Microsoft’s second alert regarding the highly critical BlueKeep security flaw (CVE-2019-0708), which impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems, the National Security Agency (NSA) has now issued a similar warning. The agency is urging users to patch the flaw as soon as possible because threat actors could use it to carry out a massive attack involving a worm, i.e. self-replicating malicious code, just like the 2017 global WannaCry outbreak.
Unknown actors have been scanning the web in search of devices vulnerable to BlueKeep for over a week, which could mean an attack will be launched soon. To make things worse, limited proof-of-concept code for an exploit of this flaw was published online last week, further increasing worries that an attack might be imminent. While Microsoft released a patch for the flaw on May 14, recent research suggests that close to a million devices remain vulnerable.