For Windows 7, and in an uncommon move, for Windows XP, Microsoft released a BlueKeep update.
The National Security Agency warns consumers that there is a potential “wormable” vulnerability influencing Windows 7 and Windows XP devices, implying it could be abused and armed with malware.
In mid-May, Microsoft released a warning about a weakness in remote code execution, recognized as CVE-2019-0708, which could influence Windows 7, Windows XP, Windows 2003, Windows Server 2008 R2, and Windows Server 2008. The vulnerability has since been called “BlueKeep.” Microsoft released a Windows 7 BlueKeep update and another Windows XP BlueKeep patch. Microsoft highly encourages customers to update impacted devices.
This is because software intended to exploit the weakness could spread pre-authentication without any communication between users. These are prime circumstances of reproduction for a worm comparable to WannaCry’s spread, advised Microsoft. In 2017, WannaCry brought millions of pcs down, using an unsophisticated yet omnipresent assault that infected ransomware pcs.[Read more – Best anti malware software review]
It is the concern of the National Security Agency that this might occur again. “This is the sort of vulnerability frequently exploited by malicious cyber performers by using software code that specifically targets the vulnerability,” the NSA stated. “The vulnerability could be utilized to deny service assaults, for instance. It is probably only a question of moment before distant exploitation software for this weakness is commonly accessible. NSA is worried that malicious cyber performers will use ransomware vulnerability and exploit kits that contain other recognized applications, improving capacities against other unpatched devices.
Although it’s been more than two weeks since the vulnerability was discovered, Microsoft warned that cyber criminals often don’t progress that fast. EternalBlue, the vulnerability that allowed WannaCry to occur, took a total of two months from discovering the vulnerability to the time it took to exploit it. “Although their systems have been patched for approximately 60 days, many clients have not,” Microsoft said.
Naturally, Microsoft is taking the opportunity to encourage customers to migrate from older operating systems to Microsoft’s latest OS, Windows 10. Though Microsoft took the unusual step of publishing a BlueKeep patch for Windows XP, Windows 7 ends its support lifespan this coming January.
“Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected,” Microsoft wrote. “Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows. “
Official site : Microsoft.com