A critical vulnerability has been found in older versions of Microsoft Windows. If you’re affected, you need to patch your operating system immediately (see below). If you know anyone with an older PC, you need to make sure they’re aware of this ticking time bomb. But what you really need to do, frankly, is update to Windows 10.
The Early Bird Gets the Worm
The newly disclosed bug, dubbed BlueKeep, attacks the Windows Remote Desktop Services (RDS) and allows for complete takeover of the system. The reason this particular bug is so nasty is that it can spread from computer to computer across the network with zero human interaction. This is a special type of malware called a worm. It exploits network services on your computer (that may on by default) to travel from computer to computer very quickly.
The 2017 WannaCry ransomware used a worm called EternalBlue to propagate around the globe in a matter of days. Even though Microsoft had published patches for this bug two months before the malware hit, WannaCry infected over 200,000 computers in 150 countries. The current estimate is that there are almost one million computers exposed to the internet today that are vulnerable to BlueKeep. It’s just a matter of time – perhaps days, weeks at the most – before this latest bug will run rampant.
Patch Your Windows OS Now
The following versions of Microsoft Windows are vulnerable:
- Windows XP
- Windows 7
- Windows Vista
- Windows Server 2008 R2
- Windows Server 2008
- Windows 2003
Remember that Windows is often run on things that we don’t think of as “computers” like point of sale terminals, digital signage, and industrial systems. You can download the patches here:
- Download for Windows 7, Windows 2008 R2, and Windows 2008
- Download for Windows Vista, Windows 2003 and Windows XP
Just Upgrade to Windows 10 Already
You may like your older version of Windows. I get it. I preferred Windows 7 to Windows 10, too. But it’s just not safe. Unless your computer is air-gapped, you really need to be on the most recent operating system to maximize your protection. If your computer is too old to run Windows 10, then it’s probably time to upgrade your computer, as well. If you get another PC, it will come with Windows 10 pre-installed. Or you could consider getting a Mac this time. Macs aren’t necessarily more secure than PCs, but bad guys tend to write more malware for the most popular OS: Windows.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!