I can’t recall ever seeing the National Security Agency (NSA) jumping in and warning users of Microsoft Windows to check if their systems are fully patched and, if not, to update now or risk a “devastating” and “wide-ranging impact.” But that’s what has just happened.

In an advisory published this week, the NSA has urged “Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threat.” That threat being BlueKeep, which has already been the focus of multiple “update now” warnings from Microsoft itself.

The NSA warning comes on the heels of recent research that revealed just under one million internet-facing machines are still vulnerable to BlueKeep on port 3389, the default port used by the Microsoft Remote Desktop feature, and nobody knows how many devices at risk within the internal networks. The potential is certainly there for this threat, if exploited, to be on the scale of WannaCry.

It’s hard to know exactly why the NSA has decided to issue this advisory now, especially as it hasn’t gone through the more usual U.S.-Computer Emergency Readiness Team (CERT) channel. I suspect that they may have classified information about “bad actors” who might target critical infrastructure with this exploit. That critical infrastructure is made up of older Windows operating systems. Windows 8 and Windows 10 users are not impacted by this vulnerability but Windows Server 2008, Windows Server 2003, Windows 7, Windows XP and Windows Vista all are.

So where does that leave us? As this vulnerability is exploited via Remote Desktop Protocol, but is not a vulnerability in Remote Desk Protocol, vulnerable systems must have an internet facing Remote Desk Protocol service to be exploitable. Which means that if upgrading your device to a supported version of Windows is not possible, it’s essential that the exposure to such systems is limited.

I agree with both Microsoft and the NSA that this is a significant risk to unpatched systems. Anyone who has not yet patched against the BlueKeep threat should do so as quickly as possible. Fortunately, Windows 10 users can remain calm and go about their business.

For more information on this vulnerability and some actions you can take to minimize your exposure read this article:
https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/