NSA issues cyber-attack caution to Microsoft Windows users


Users of Microsoft Windows have been advised to keep their systems updated by the US National Security Agency (NSA), for fear of falling prey to cyber-attack.

More dated iterations of Microsoft Windows programmes may be at greater risk of cyber-attack, officials and executives at Microsoft have explained in an advisory which reveals a vulnerability known as “BlueKeep”.

The weakness affects users “operating systems on Windows 7 and earlier”, Microsoft said, before advising that updates should be put into effect “as soon as possible” to mitigate cyber-attack risk.

According to officials, BlueKeep may leave computer systems more open to viruses through automated cyber-attack, or through the downloading of harmful email attachments.

The speed at which ransomware can install itself means files can become imprisoned and subsequent ransom bills can be issued before the user recognises that their computer has become infected.

Nicholas Weaver of the The International Computer Science Institute has highlighted the risk increase within ageing Microsoft Windows infrastructures, writing that cyber-criminals could “gain complete control of the remote system”.

Being prompt and diligent in installing upgrades can greatly help to galvanise the computer against cyber-attack, Microsoft executives have said.

The City of Baltimore in the US recently experienced a ransomware attack which brought municipal services to a halt, taking city workers offline and disrupting payment channels relied upon by citizens to deal with traffic tickets and utilities bills.

The NSA knew about the “EternalBlue” vulnerability for years, the New York Times reports, but senior executives chose to keep it a secret. Experts have cited EternalBlue as a culprit for a number of cyber-attacks in recent times, including the WannaCry bug that infected NHS systems in Britain.

Rob Joyce, a senior advisor with NSA took to social media to speak out about the “significant risk” of older versions of Microsoft Windows, adding that updates could help the situation.

While the NSA regularly warns companies and IT administrators about cyber-attack threats, their explicit BlueKeep warning, together with Mr Joyce’s tweet, illustrate the high chance of a weakness being exploited.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.