The Department of Homeland Security has added its voice to a chorus of government and corporate cybersecurity professionals urging users to patch their systems for BlueKeep, a critical vulnerability recently reported in old Microsoft Windows operating systems.
DHS’s Cybersecurity and Infrastructure Security Agency said Monday it had used the BlueKeep vulnerability to execute remote code on a test machine running Windows 2000. The agency released an advisory reiterating that, like the famed WannaCry ransomware, BlueKeep is “wormable,” in that malware exploiting the vulnerability could spread to other systems.
When it was disclosed, security experts immediately warned of BlueKeep’s severity, and as of last week, close to 1 million internet-exposed machines were still vulnerable to the flaw, according to researchers at cybersecurity company BitSight.