CyberNews Briefs

Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)

In the wake of Microsoft’s second alert regarding the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems, the National Security Agency (NSA) has now issued a similar warning. The agency is urging users to patch the flaw as soon as possible because it could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code, just like the 2017 global WannaCry outbreak.

Unknown actors have been scanning the web in search of devices vulnerable to BlueKeep for over a week, which could mean an attack will be launched soon. To make things worse, limited proof-of-concept code for an exploit of this flaw was published online last week, further increasing worries that an attack might be imminent. While Microsoft released a patch for the flaw on May 14, recent research suggests that close to a million devices remain vulnerable.

Read more: Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.