CLEARWATER, Fla. — Editor's Note: Links to patches for the security flaw can be found at the bottom of this article.
A security flaw could make millions of people vulnerable to hackers.
The National Security Agency is warning people running older versions of Microsoft Windows to make sure they update their operating systems to protect themselves.
A bug called "BlueKeep" is making Remote Desktop Services on some older operating systems vulnerable to cyber attacks. According to the NSA, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 RS are at risk.
Basically, the weakness in the operating system could allow a hacker to put malware on a computer and wreak havoc on a person's life.
"This is something that would allow the hacker to take full control of your computer, without you knowing, to do things like turn on your webcam and watch you or listen to you or read your email or do anything they want, as if they were sitting right there on your computer," said Brian Jack, chief information security officer at KnowBe4, a Clearwater-based company offering security awareness training. "You would have no idea they were there."
Experts describe the flaw as "potentially wormable" -- meaning it could spread across the Internet without victims doing anything wrong.
"[It] allows the attacker to release the code into the wild, and it will crawl and infect machines totally on its own -- like a robot -- without the hacker needing to pick the machine and target anybody," Jack explained. "It just goes on its own. And so, within a matter of potentially hours, you could have millions of machines infected."
Microsoft tells 10News the issue only applies to versions of Windows that it either no longer supports or soon won't. However, because of concerns about the exploit being "wormable," the technology company has decided to release updates to protect customers.
“This issue does not affect any of our operating systems that were released in the past 10 years," a Microsoft spokesperson wrote in an email. "For users of Windows 7 or earlier versions, we released an update to address this on May 14, 2019, and recommend they apply the update as soon as possible.”
The NSA says installing the update is not only critical for its protection of national security systems but for all networks.
“There are lots of organizations still running some of the Windows server versions that are affected in production," Jack explained. "So, it could be really bad."
That's because smaller businesses may not have updated their systems in years. Jack said that could include organizations like smaller banks, which may have ATMs that are at risk without the patch. On someone's personal computer, Jack warns hackers could get in and hold their files hostage or steal their financial information.
Microsoft said the issue does not affect Windows 10, including Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 or Windows Server 2012.
"We published a blog on May 14, and a second blog post on May 30 reiterating the importance of updating affected systems as soon as possible," Microsoft told 10News.
Download the patches for the "BlueKeep" flaw:
Can't see our Microsoft Windows 'BlueKeep' patch installation tutorial? Click here for a step-by-step video guide.
What other people are reading right now:
- Swarm of ladybugs so large if registered on the San Diego National Weather Service radar
- Passengers: Captain drank beer, had cocaine and fired a gun during nightmare fishing trip
- Jupiter will be so close in June you can use binoculars to see its moons
- 24 cases of the mumps confirmed at the University of Florida
►Have a news tip? Email desk@wtsp.com, or visit our Facebook page or Twitter feed.