Skip to main content
  1. Home
  2. Web
  3. News

NSA warns about Windows exploit, ignores its own role in creation of malware

By
Add as a preferred source on Google
Image used with permission by copyright holder

In a rare occurrence, the National Security Agency (NSA) has published a statement urging people to update their older Windows systems to protect against the BlueKeep vulnerability.

The NSA does not typically comment on cybersecurity vulnerabilities in commercial products, but the potential danger of the recently detailed exploit has lead it to make a statement.

Recommended Videos

“The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats,” the statement read. “We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.”

The concern over this particular exploit is that it is “wormable,” meaning that it can spread itself from one infected computer to others on the same network. This is a big threat to older machines on a shared network, such as a typical enterprise system, as well as older machines which are connected to the internet.

Although there has not been a worm using this exploit detected yet, both Microsoft and the NSA believe it is only a matter of time until one appears. “NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems,” the statement said.

The NSA also published an advisory on what steps system administrators should take to protect their networks against this vulnerability.

This is somewhat ironic given the NSA’s role in the creation of the very similar EternalBlue exploit which was recently used to hold the city of Baltimore’s computer systems for ransom. The NSA developed the EternalBlue attack software for its own use, but lost control of it when it was stolen by hackers in 2017. It then caused chaos around the world with the WannaCry and NotPetya cyber attacks. BlueKeep is similar enough to EternalBlue that Microsoft compared the two of them in its warning to users about the vulnerability.

The NSA has never formally acknowledged its role in the creation of malware, even though Microsoft itself pointed the finger at the NSA for the problems caused by “the stockpiling of vulnerabilities” and condemned it for allowing the malware to be stolen. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Microsoft said.

Georgina Torbet
Georgina Torbet
Former Space Writer
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Topics
How to clear your browser cache in Chrome, Edge, Firefox, Safari, or Opera
A cluttered cache can slow you down and break websites, so here's how to clear it in every major browser in just a few seconds.
How to delete browser cache

A stocked computer cache may be convenient for logging into and out of go-to sites in seconds flat, but a major buildup of these tracking codes could significantly impact your PC’s performance. If you’ve noticed that your PC has been running rather slow of late, or you’re using a new browser and don’t know how to clear its cache, we’ve got you covered with the following guide.

Read more
How to find archived emails in Gmail and return them to your inbox
Archived emails in Gmail are easier to find than you think—once you know where Google hides them
Gmail icon on a screen.

If you’re looking to clean up your Gmail inbox, but you don’t want to delete anything permanently, then choosing the archive option is your best bet. Whenever you archive an email, it is removed from your inbox folder while still remaining accessible. Here’s how to access any emails you have archived previously, as well as how to move such messages back to your regular inbox for fast access.

Read more
Is there a Walmart Plus free trial? Get a month of free delivery
A Walmart sign on the outside of a store.

For regular Walmart shoppers, signing up for Walmart Plus is a no-brainer. It's basically Walmart's version of Amazon Prime, with subscribers unlocking free shipping on most orders, early access to discounts and new product drops (like Nintendo Switch 2 restocks), the best grocery delivery, and more. If you're always taking advantage of Walmart's bargains for the best smart home devices or the best tech products in general, but you're still not sure if you'll be able to maximize the benefits of Walmart Plus, we highly recommend claiming the free trial to the service, and we've got everything you need to know about it right here.

START YOUR FREE TRIAL

Read more