What is BlueKeep and why should I care?

Jeff Elder, 20 June 2019

The Microsoft vulnerability could become the next runaway cyberthreat, like 2017’s WannaCry

Now and then a named cybersecurity threat enters public conversation, making headlines with a colorful name like WannaCry, Bad Rabbit, or RobbinHood. (You have to admire hackers’ creativity when it comes to naming these things.) A new name has popped up, and the threat seems to affect many people: BlueKeep. You may be wondering what it is, why it’s a big deal, if it affects you, and what you should do about it. We have answers.

What is BlueKeep?

BlueKeep is a software vulnerability affecting older versions of Microsoft Windows. The risk is significant because the flaw is in the operating system’s Remote Desktop Protocol (RDP), which lets one computer connect to another over a network, so a threat that exploits it could spread very quickly. It was first discovered by the UK National Cyber Security Centre in May. Since mid-May, Microsoft has been issuing blunt warnings imploring around a million users to apply a patch.

Why is it a big deal?

Microsoft has warned that the BlueKeep vulnerability could cause a “wormable” cybersecurity outbreak that could “propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” In other words, once a threat was introduced, it could spread without any human interaction. For this reason, Microsoft said, “We are taking the unusual step of providing a security update for all customers to protect Windows platforms.”

The alarm was sounded much louder when the United States’ 30,000-employee National Security Agency took the unusual step of reinforcing the warnings. The Microsoft vulnerability “could spread without user interaction across the internet,” the NSA warned in an advisory about BlueKeep. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”

Does it affect me?

It could, if you haven’t updated the software in your personal computer in a while. Microsoft says that vulnerable in-support systems (those still supported by the company) include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems include Windows 2003 and Windows XP. Customers running Windows 8 and Windows 10 are not affected by the vulnerability.

What should I do about it?

You should download and apply the patch, or software update, addressing the vulnerability. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. 

If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, Microsoft says it is making fixes available for these out-of-support versions of Windows.
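
To check a single machine against the version list and patch advice above, here is a read-only PowerShell function, added as an example and not part of the original article. The function name `Get-BlueKeepExposure` and its `-KbId` parameter are hypothetical; the article gives no KB number, so it has to be looked up in the Microsoft Security Update Guide.

```powershell
# Added example (not from the article): read-only local triage.
# Uses only cmdlets available in PowerShell 2.0, which Windows 7 ships with.
function Get-BlueKeepExposure {
    param(
        # KB id of the fix for this Windows version. The article does not give
        # one; look it up in the Microsoft Security Update Guide.
        [string]$KbId
    )

    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version                 # e.g. 6.1.7601
    $key = '{0}.{1}' -f $ver.Major, $ver.Minor
    $isServer = $os.ProductType -ne 1           # 1 = workstation

    # Version numbers mapped to the products the article names.
    $status = switch ($key) {
        '5.1' { 'Affected, out of support (Windows XP)' }
        '5.2' { 'Affected, out of support (Windows 2003)' }
        '6.0' { if ($isServer) { 'Affected, in support (Windows Server 2008)' }
                else { 'Not listed in the article (6.0 workstation)' } }
        '6.1' { 'Affected, in support (Windows 7 / Server 2008 R2)' }
        { '6.2', '6.3', '10.0' -contains $_ } { 'Not affected (Windows 8 / 10 family)' }
        default { 'Unknown version, check manually' }
    }

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                           -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $rdpEnabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    $patch = 'Not checked (no -KbId given)'
    if ($KbId) {
        $hit = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
        $patch = if ($hit) { "Installed ($KbId)" } else { "Missing ($KbId)" }
    }

    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OSVersion  = $os.Version
        Status     = $status
        RdpEnabled = $rdpEnabled
        Patch      = $patch
    }
}

Get-BlueKeepExposure | Format-List
```

A "Missing" result only means that exact KB is not recorded on the machine; a later cumulative rollup may contain the same fix under a different number.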

Why doesn’t everyone just immediately apply the patch?

Good question. Avast recently released a report titled “Update Inertia: The Psychology Behind Patching and Updating Software.” It found that average people get accustomed to fear-based warnings about cybersecurity and practice what psychologists call avoidance – letting an acknowledged risk linger because there is no perceived penalty in procrastinating. Yet it’s this very perception that can expose the world to major cyberthreats like WannaCry, which closed hospitals in 2017. Applying the patch and turning on automatic Windows security updates are great ways to keep yourself and your family safe.