22 PCWorld JULY 2019
NEWS NSA WARNS OF BLUEKEEP VULNERABILITY
patch for Windows 7 (go.pcworld.com/ptw7),
and another BlueKeep patch for
Windows XP (go.pcworld.com/ptxp).
Microsoft strongly urges users to patch
affected systems.
That’s because code designed to exploit
the vulnerability could spread pre-authentication
and without any user interaction. These are prime breeding
conditions for a worm that spreads the way WannaCry did,
Microsoft warned (go.pcworld.com/worm).
WannaCry took down millions of
computers in 2017, using an unsophisticated
yet pervasive attack (go.pcworld.com/wcry)
that infected computers with ransomware.
The National Security Agency is
concerned that this could happen again.
“This is the type of vulnerability that malicious
cyber actors frequently exploit through the
use of software code that specifically targets
the vulnerability,” the NSA wrote
(go.pcworld.com/nsaw). “For example, the
vulnerability could be exploited to conduct
denial of service attacks. It is likely only a
matter of time before remote exploitation
code is widely available for this vulnerability.
The NSA is concerned that malicious cyber
actors will use the vulnerability in ransomware
and exploit kits containing other known
exploits, increasing capabilities against other
unpatched systems.”
Though more than two weeks have
elapsed since the vulnerability was
discovered, Microsoft warned that
cybercriminals often don’t move that
quickly. EternalBlue, the vulnerability that
allowed WannaCry to take place, took a
total of two months from the time the
vulnerability was discovered to the time it
was exploited. “Despite having nearly 60
days to patch their systems, many
customers had not,” Microsoft said
(go.pcworld.com/rmnd).
Naturally, Microsoft is taking the
opportunity to encourage customers to
migrate from older operating systems to
Microsoft’s latest OS, Windows 10. Though
Microsoft took the unusual step of publishing
a BlueKeep patch for Windows XP, Windows
7 ends its support lifespan
(go.pcworld.com/wend) this coming January.
“Customers running Windows 8 and
Windows 10 are not affected by this
vulnerability, and it is no coincidence that
later versions of Windows are unaffected,”
Microsoft wrote. “Microsoft invests heavily
in strengthening the security of its products,
often through major architectural
improvements that are not possible to
backport to earlier versions of Windows.”