In a rare advisory, NSA urges users to patch BlueKeep flaw

The National Security Agency has issued a rare advisory warning users to update their systems to protect against BlueKeep, a new security vulnerability with the capacity to rapidly spread between computers.

The “critical”-rated bug, which affects computers running Windows XP and later, can be exploited to remotely run malware at the system level, giving it full access to the computer. Because the bug is remotely exploitable, any unpatched computer connected to the internet may be at risk.

Only Windows 8 and Windows 10 are not vulnerable to the bug.

Microsoft released patches in May, yet about a million internet-facing computers and servers are still unprotected.

The intelligence agency urged computer owners to patch against the vulnerability “in the face of growing threats” amid concerns that a malicious actor could launch an attack similar in scale to the WannaCry ransomware attacks in 2017.

As of the time of writing, security researchers have only been able to develop proof-of-concept exploits that could remotely shut down affected computers, so-called denial-of-service attacks. But they say it’s only a matter of time before these exploits could be used to deliver ransomware or data-stealing malware.

“NSA urges everyone to invest the time and resources to know your network and run supported operating systems with the latest patches,” said the agency’s advisory.

It’s rare to see NSA intervene in matters of consumer cybersecurity. An NSA spokesperson noted that its BlueKeep advisory is the agency’s third cybersecurity notice this year. Where NSA often exploits vulnerabilities to carry out surveillance and espionage, typically it is Homeland Security that issues advisories on serious security flaws that could be exploited by hackers.

Two years ago, the agency was left red-faced following the theft of highly classified hacking tools, which hackers later published online. The leaked EternalBlue exploit worked like a master key, opening access to almost any of the billion-plus Windows computers on the internet. Hackers believed to be associated with North Korea used the leaked EternalBlue exploit to spread ransomware on a massive scale. The malware only stopped spreading after security researchers discovered a “kill switch” that neutralized the malware.

NSA has never publicly acknowledged the theft.

A cynic might see the NSA as moving proactively to avoid another public relations disaster after one of its top secret exploits was leaked and used in a global ransomware attack. An optimist, however, might say the government is trying to warn users to prevent mass damage if an exploit is used or published.

For its part, NSA said patching against BlueKeep is “critical not just for NSA’s protection of national security systems but for all networks.”