Microsoft has fixed a flaw that affects older versions of Windows: the BlueKeep vulnerability allows malware to spread from one computer to another without user interaction, similar to what happened in the 2017 WannaCry attack. As a result, even Windows XP is getting the update, although it lost support in 2014. If you’re on Windows 7, you also need to install the security patch.
Basically, an attacker can use the flaw to send malware to a computer connected to the internet without requiring authentication – such as login and password – or user interaction. The problem lies with Remote Desktop Services, formerly known as Terminal Services.
The intrusion is possible if the computer has the Remote Desktop Protocol (RDP) enabled on ports exposed to the internet. Researcher Kevin Beaumont says that about 3 million RDP endpoints are directly exposed, according to the search engine Shodan.
The BlueKeep flaw is present on Windows XP, whose official support ended in 2014, and on Windows Server 2008 and Server 2008 R2, versions that Microsoft stopped updating in 2015. All of them are receiving the security patch; they were also covered in 2017, during the WannaCry attack. That is, the problem is serious.
If you use Windows XP or Server 2003, “the best way to address this vulnerability is to update to the latest version of Windows”, says Microsoft. But if you can’t (or don’t want to) do this, there is an urgent security update waiting to be installed.
Windows 7 is also affected; its support will end in January 2020. Newer versions, such as Windows 10, 8.1 and Server (from 2012), are immune: “it is no coincidence… Microsoft invests heavily in strengthening the security of its products, often through major improvements in architecture that cannot be ported to previous versions”, says the company.
Windows flaw expected to be exploited “in the coming days”
Microsoft reports that it has not observed any intrusions based on this Windows flaw, but warns: “Malicious agents are highly likely to create an exploit for this vulnerability and incorporate it into their malware.”
Brian Bartholomew, senior security researcher at Kaspersky Lab, told Ars Technica that an attack “would simply require someone to send specific packets over the network to a vulnerable system that has the RDP service available”. He also believes that “someone is going to release an exploit for this in the next few days”.