How hackers steal your info? Blame it on 'Bluekeep' flaw in older Microsoft Windows, says NSA

Ways to avoid identity theft
Cyber attack Pixabay

The National Security Agency (NSA) of US has issued a warning to the users of Microsoft Windows to make sure that they are using an updated system to protect their digital information from cyber criminals.

In the advisory, which was published on Tuesday, June 4, officials stressed the impact of installing patches to address a protocol vulnerability in older versions of Windows.

NSA officials also mentioned about a flaw called "BlueKeep" which exists in previous versions of Microsoft Windows, such as Windows 7, Windows XP, Server 2003 and 2008, is a vulnerability in the Remote Desktop (RDP) protocol. The advisory also added that even though Microsoft has issued a patch, still millions of machines are vulnerable to the data breach.

As per the NSA officials, "BlueKeep" flaw could make the computer systems vulnerable by viruses through automated attacks or due to downloading of malicious attachments.

The company, in a statement on May 30, said that some of the older edition of Windows could be vulnerable to cyber attacks. Microsoft advised that all the users of Windows 7 and earlier versions should update their system as soon as possible.

International Computer Science Institute's Nicholas Weaver earlier stated that vulnerability of Windows means that bad actors could gain complete access to the systems easily. However, as per Microsoft updating computers, helps to protect the users of those systems from these kinds of cyber-attacks.

"NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems," the advisory added.

Rob Joyce, a senior NSA adviser wrote on his twitter that "NSA is raising their own concern that the Microsoft RDP flaw (#BlueKeep) is of significant risk to unpatched systems. Patch and protect!"

NSA shared the advisory after Baltimore's internet servers were attacked by the cybercriminals and forced the city government to shut down most of their computer servers. The reports stated that the tool, used for the ransomware attack is an NSA creation, called EternalBlue. In addition to this cyber attack incident, The New York Times later reported that NSA knew about the system flaw, but never revealed it.