Skip to main content

NSA warns about Windows exploit, ignores its own role in creation of malware

Image used with permission by copyright holder

In a rare occurrence, the National Security Agency (NSA) has published a statement urging people to update their older Windows systems to protect against the BlueKeep vulnerability.

The NSA does not typically comment on cybersecurity vulnerabilities in commercial products, but the potential danger of the recently detailed exploit has lead it to make a statement.

“The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats,” the statement read. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”

The concern over this particular exploit is that it is “wormable,” meaning that it can spread itself from one infected computer to others on the same network. This is a big threat to older machines on a shared network, such as a typical enterprise system, as well as older machines which are connected to the internet.

Although there has not been a worm using this exploit detected yet, both Microsoft and the NSA believe it is only a matter of time until one appears. “NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems,” the statement said.

The NSA also published an advisory on what steps system administrators should take to protect their networks against this vulnerability.

This is somewhat ironic given the NSA’s role in the creation of the very similar EternalBlue exploit which was recently used to hold the city of Baltimore’s computer systems for ransom. The NSA developed the EternalBlue attack software for its own use, but lost control of it when it was stolen by hackers in 2017. It then caused chaos around the world with the WannaCry and NotPetya cyber attacks. BlueKeep is similar enough to EternalBlue that Microsoft compared the two of them in its warning to users about the vulnerability.

The NSA has never formally acknowledged its role in the creation of malware, even though Microsoft itself pointed the finger at the NSA for the problems caused by “the stockpiling of vulnerabilities” and condemned it for allowing the malware to be stolen. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Microsoft said.

Editors' Recommendations

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
The 5 best websites like Craigslist in 2024

For years, Craigslist has been the go-to website for scoring a free sofa or finding an apartment. But there are plenty of other alternatives to Craigslist that do an equally fine job, oftentimes with a more attractive interface and fewer spam postings. The 5 best Craigslist alternatives are:

Facebook Marketplace
OfferUp
Locanto
Mercari
Recycler

Read more
How to stop spam emails in Outlook, Gmail, and more
A person sitting on the grass and taking notes at a laptop.

Spam and other unwanted emails are a nuisance, and it can seem like keeping them away from your inbox is a losing battle. But while you won't be able to prevent every piece of spam from landing in your inbox, it is possible to significantly reduce the number of messages that show up.

In this guide, we'll show you how to use filters, blocking, and spam reporting features to help stop spam from invading your inbox. We'll also go over a few more tips on how to reduce unwanted messages overall.
How to stop spam in Gmail
If you use Gmail, the most popular email client, you will eventually start getting spam. Here are our two favorite ways to deal with it.
Block spam in Gmail

Read more
How to add a signature in Gmail on desktop and mobile
how to file for stimulus

Email signatures are a great way to automatically include your contact information to your email correspondence. If you'd like to add a signature to your emails in Gmail, it's easy enough to add one. You'll just need to go through your Gmail settings to do it.

In this guide, we'll show you how to add a signature in Gmail whether you're using the desktop website version of Gmail or its mobile app.
How to add a signature on your desktop
Step 1: Launch your favorite browser and log into your Gmail account as you normally would.

Read more