The National Security Agency doesn’t usually concern itself with cybersecurity. But earlier this month, the agency issued a special warning about a new security threat called the BlueKeep vulnerability. That’s a good indication of just how serious this threat could be, so read on to find out if your computer could be affected and what you can do to protect yourself. Spoiler alert: if you’re running an outdated version of Windows, you need to update it ASAP.
What is the BlueKeep vulnerability?
Microsoft regularly issues updates to plug security holes and/or fix bugs. So why is the cybersecurity community making such a big deal about this particular vulnerability? Well, BlueKeep has been given a Common Vulnerability Scoring System (CVSS) rating of 9.8 out of 10, essentially meaning that it’s like an incoming 8.0 earthquake.
The BlueKeep vulnerability is a bug that could allow hackers to exploit Remote Desktop Services to run code on a PC without needing a password (or any user interaction at all) to get in. This code could be ransomware or any other type of malware. Even worse, BlueKeep is wormable, meaning that it can spread to other computers through networks and grow exponentially. BlueKeep is giving cybersecurity professionals bad flashbacks to the 2017 WannaCry ransomware virus, which spread to hundreds of thousands of computers in 150 countries in just a few hours.
Am I affected?
Experts warn that one million computers are currently online and vulnerable. Hence the possibility of a mass cybersecurity attack.
But, there’s some good news: if you’re running Windows 8 or Windows 10, you won’t be affected by BlueKeep. However, it’s still a good idea to check that you have automatic updates enabled. Microsoft issues bug fixes quite frequently, so you want to make sure you’re keeping your machine secure against any other future threats that might arise.
If you are running Windows 7, Windows Vista, Windows XP, or Windows Server 2003 or 2008 systems, you are vulnerable and you need to update ASAP. Seriously! Do not pass go, do not collect $200, go directly to Windows and update now.
What do I need to do?
Here’s how to keep yourself safe from the BlueKeep vulnerability… and any other cybersecurity threats that may arise, too.
1. Update Windows
You can either get Windows 8 or Windows 10 (download them here), or update your current Windows with the security patch. Microsoft doesn’t usually release patches for old, unsupported operating systems, but they’re so worried about the BlueKeep vulnerability and its potential to spread like wildfire that they did just that.
If you’re using Windows XP, Vista, or 2000 and want to stick with that version, you must manually download the security patch here.
If you have Windows 7 or 2008, you can download the patch here: scroll down to find your version of Windows and click “security only” to get the fix. Or, you can also update Windows with the following steps:
- Make sure your computer is connected to a power source: your computer cannot run out of battery during an update or the operating system could become corrupted.
- Click the Start button in the lower left corner of your PC.
- Type “Update” into the search box, and then click Check for updates and wait for Windows to find the newest update.
- Windows will then give a list of updates. Click to view, and you should see a security update, which will probably be listed as “critical”.
- Check the updates to install, and click OK, and then Install Updates.
- Wait patiently while Windows does its thing.
If you’re a bit confused about these updates, see Microsoft’s update FAQ page.
Note: old, outdated versions of Windows are vulnerable to all kinds of threats, not just the BlueKeep vulnerability. So even though Microsoft does have a security patch this time, there generally won’t be bug fixes anymore for your system. So, it’s highly recommended to get a newer version of Windows (which, again, you can do here).
2. Check to see if you have anything else running Windows
It’s not just PCs that are vulnerable: if you have tablets or any other gadgets running Windows, they need to be updated as well.
3. Make sure you have an up-to-date antivirus
Even though Microsoft’s updates include security patches, they aren’t guaranteed to catch everything. Cybersecurity threats are constantly evolving. It’s still important to run a robust antivirus, and to make sure it’s also running the latest version.
Furthermore, if you’re running an outdated version of Windows (like XP) it’s unlikely that your antivirus is still protecting you. Antivirus programs are maintained for the latest version (like Windows 8 and 10), so you should really consider updating your Windows system.
4. Backup your files
Malware isn’t the only threat to your files: your hardware can also break down, causing you to lose important documents and memories. It’s always a good idea to do regular backups, whether using an external hard drive or cloud storage.
Has BlueKeep actually caused any viruses to spread yet?
As of press time, no… but cybersecurity experts warn that it’s only a matter of time. Hackers are aware of the vulnerability, and they are almost certainly writing code to exploit it as we speak. Don’t wait to see what happens — update now so you stay safe.