There’s a reason people update to new versions of Windows: Old versions don’t get updated, and that makes them more susceptible to issues, both internal and external. While not every Windows update is a move forward, transitioning to a newer OS is almost always a smart step. Google is making the same assertion, too: If you haven’t upgraded to Windows 8 or 10, now’s a very good time; anything older is now putting you at risk.
The BlueKeep vulnerability
Just like old browsers are full of holes for malware to enter, an old OS can start becoming fallible as new threats emerge and evolve. Technically known as CVE-2019-0708, BlueKeep is a remote code execution vulnerability that exists in Remote Desktop Services. It’s when an unauthenticated attacker connects to a target system using RDP, and then starts sending requests. A successful hack attempt could then start to inflict arbitrary code on the targeted system, installing programs, deleting data, or creating new accounts that still mimic your user rights. It’s a nasty pre-authentication vulnerability in older Windows Operating Systems, and therefore doesn’t require any user interaction before it latches on.
Which OS is at risk?
Anything less than Windows 8. So if you’re running 7, 2008 R2, Vista, Server 2008, or XP, BlueKeep leaves your computer open to infection. How many people are running these old versions of Windows? Almost a million, Microsoft discovered in a recent report. Frighteningly, that’s not even including the computers on corporate networks. Errata Security predicts that anyone using an older OS probably has a month or two before BlueKeep worms its way in.
How to tell if you’re already infected
If you’re running an older OS, now’s the time to upgrade. In the meantime Errata Security’s Rob Graham has put together binaries on Github to scan for BlueKeep. If you think your PC might be infected, go to the link in his tweet and run the scan:
So I've posted both Windows and macOS binaries (self-contained, statically linked) for scanning for CVE-2019-0708 bluekeep. Just click on the badge at the top of the readme.https://t.co/aBA6PRkPD5 pic.twitter.com/C8javjaiP0
— Robᵇᵉᵗᵒ Graham (@ErrataRob) May 28, 2019
Hopefully, both your computer and network have not been compromised, but trust us – you don’t want to procrastinate on things like this. Get Windows 8 or 10 today and stay secure!