This Microsoft Windows flaw is so bad the NSA is warning you to take immediate action

The flaw could theoretically allow hackers to infect millions of machines within hours.

CLEARWATER, Fla. — Editor's Note: Links to patches for the security flaw can be found at the bottom of this article.

A security flaw could make millions of people vulnerable to hackers.

The National Security Agency is warning people running older versions of Microsoft Windows to make sure they update their operating systems to protect themselves.

A bug called "BlueKeep" is making Remote Desktop Services on some older operating systems vulnerable to cyber attacks. According to the NSA, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 are at risk.

Basically, the weakness in the operating system could allow a hacker to put malware on a computer and wreak havoc on a person's life.

"This is something that would allow the hacker to take full control of your computer, without you knowing, to do things like turn on your webcam and watch you or listen to you or read your email or do anything they want, as if they were sitting right there on your computer," said Brian Jack, chief information security officer at KnowBe4, a Clearwater-based company offering security awareness training. "You would have no idea they were there."

Experts describe the flaw as "potentially wormable" -- meaning it could spread across the Internet without victims doing anything wrong.

"[It] allows the attacker to release the code into the wild, and it will crawl and infect machines totally on its own -- like a robot -- without the hacker needing to pick the machine and target anybody," Jack explained. "It just goes on its own. And so, within a matter of potentially hours, you could have millions of machines infected."

Microsoft tells 10News the issue only applies to versions of Windows that it either no longer supports or soon won't. However, because of concerns about the exploit being "wormable," the technology company has decided to release updates to protect customers.

"This issue does not affect any of our operating systems that were released in the past 10 years," a Microsoft spokesperson wrote in an email. "For users of Windows 7 or earlier versions, we released an update to address this on May 14, 2019, and recommend they apply the update as soon as possible."

The NSA says installing the update is critical not only for its protection of national security systems but for all networks.

"There are lots of organizations still running some of the Windows server versions that are affected in production," Jack explained. "So, it could be really bad."

That's because smaller businesses may not have updated their systems in years. Jack said that could include organizations like smaller banks, which may have ATMs that are at risk without the patch. On someone's personal computer, Jack warns hackers could get in and hold their files hostage or steal their financial information.

Microsoft said the issue does not affect Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 or Windows Server 2012.

"We published a blog on May 14, and a second blog post on May 30 reiterating the importance of updating affected systems as soon as possible," Microsoft told 10News.

Download the patches for the "BlueKeep" flaw:

Click here for Windows XP, Server 2003 or Windows Vista

Click here for Windows 7 and Windows Server 2008
