Security Icon Microsoft

Microsoft is advising its Windows users to update their operating system or risk being open to a serious vulnerability. CVE-2019-0708, also known as BlueKeep, was discovered and patched back in May, but the company has seen an uptick in threats.

The attack method centers around a flaw in Windows’ Remote Desktop Protocol and is especially significant because it’s wormable. Simply, an attacker can create a malware that can spread from PC to PC in a widespread, WannaCry-like outbreak.

Users can fully mitigate the threat by installing the latest update. According to Microsoft, plenty of users are at risk of BlueKeep based attacks:

“Via open source telemetry, we see more than 400,000 endpoints lacking any form of network-level authentication, which puts each of these systems potentially at risk from a worm-based weaponization of the BlueKeep vulnerability,” its DART team said. “The timeline between patch release and the appearance of a worm outbreak is difficult to predict and varies from case to case.”

Second WannaCry-like Event Still Possible

As well as updates, DART recommends users internet listening RDP protect is behind a VPN, SSL Tunnel, or RDP Gateway. It has noted that worm outbreaks are largely unpredictable, though in this case exploit code is publically available, so it’s only a matter of time.

The National Security Agency recently issued its own warning about BlueKeep. It deemed the vulnerability a significant risk, and warned of “a global WannaCry-level event”. The flaw affects versions from XP to Windows 7 and Server variants.

Microsoft previously put the number of vulnerable PCs at over one-million machines. Its nickname, BlueKeep, is a reference to the lack of security in Game of Thrones Red Keep, and its tendency to cause a blue screen.