The National Security Agency is sounding the alarm about a flaw found in legacy Microsoft Windows versions that could spread without user interaction.
In a June 4 cybersecurity advisory, NSA underscored recent warnings from Microsoft about the “BlueKeep” vulnerability. The potentially “wormable” flaw exists in the Remote Desktop protocol found in Windows 7, Windows XP, Server 2003 and 2008, and users are urged to patch and update their systems.
BlueKeep could be used to conduct denial-of-service attacks, and remote exploitation code could soon be widely available for this flaw, NSA said.
In addition to patching and upgrading, NSA suggested that users block TCP port 3389 at their firewalls, enable Network Level Authentication and disable Remote Desktop Services if they are not needed.