The Microsoft vulnerability could become the next runaway cyberthreat, like 2017’s WannaCry
BlueKeep, a Microsoft Windows vulnerability that captured headlines in June, has surfaced in the wild of the internet. The threat was previously only modeled by researchers, who said it could potentially devastate networks as a worm spreading unassisted from computer to computer. The current BlueKeep outbreak is limited to a targeted cryptocurrency mining threat, Forbes and other news outlets report.
Security researchers Marcus Hutchins and Kevin Beaumont brought the new outbreak to light, and noted its current, limited activity. While BlueKeep is only targeting certain systems to run cryptomining scripts at this time, this development is “all the more reason to ensure you're patched,” The Register reported.
So what exactly is BlueKeep, why should you care, and what can you do about it?
BlueKeep is a software vulnerability affecting older versions of Microsoft Windows. Its risk is significant because it attacks an operating system’s Remote Desktop Protocol (RDP), which connects to another computer over a network connection. This would allow a cyberthreat to spread very quickly. It was first discovered by the UK National Cyber Security Centre in May. Microsoft has been imploring around a million users to apply a patch in blunt warnings since mid-May.
Microsoft has warned that the BlueKeep vulnerability could cause a “wormable” cybersecurity outbreak that could “propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” In other words, once a threat was introduced, it could spread without any human interaction. For this reason, Microsoft said, “We are taking the unusual step of providing a security update for all customers to protect Windows platforms.”
The alarm was sounded much louder when the United States’ 30,000-employee National Security Agency took the unusual step of reinforcing the warnings. The Microsoft vulnerability “could spread without user interaction across the internet,” the NSA warned in an advisory about BlueKeep. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”
It could, if you haven’t updated the software on your personal computer in a while. Microsoft says that vulnerable in-support systems (those still supported by the company) include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems include Windows 2003 and Windows XP. Customers running Windows 8 and Windows 10 are not affected by the vulnerability.
You should download and apply the patch, or software update, addressing the vulnerability. Downloads for in-support versions of Windows can be found in the Microsoft Security Response Center. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.
If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, Microsoft says it is making fixes available for these out-of-support versions of Windows. Find out more here.
Good question. Avast recently released a report titled “Update Inertia: The Psychology Behind Patching and Updating Software.” It found that average people get accustomed to fear-based warnings about cybersecurity and practice what psychologists call avoidance – letting an acknowledged risk linger because there is no perceived penalty in procrastinating. Yet it’s this very perception that can endanger the world to major cyberthreats like WannaCry, which closed hospitals in 2017. Adding the patch and turning on automatic Windows security updates are great ways to keep yourself and your family safe.
Join Avast's Avast's Christopher Budd at the National Council on Aging's Age+Action Conference to learn how to protect elders from tech support scams.
Avaddon ransomware group targeted Asia-based insurer AXA with DDoS attacks and ransomware just a week after the insurance company announced it was dropping support for ransomware payments in France.