Windows users are being urged to immediately update their software after two new vulnerabilities were discovered that could potentially create a large-scale malware outbreak similar to last year’s WannaCry incident.
In May this year, Microsoft warned of a “critical vulnerability” that had been discovered in a common Windows protocol. It could enable a hacker to take over a device without even a click from the owner, potentially allowing an infectious malware “worm” to spread quickly to millions of computers.
Dubbed BlueKeep, the vulnerability was found in Microsoft’s Remote Desktop Protocol, which lets administrators connect to other computers in a network.
Microsoft released a patch for the vulnerability on 14 May and urged users to patch their devices quickly; the flaw was given a severity rating of 9.8 out of 10.
Months later, Microsoft’s Detection and Response Team said there are still 400,000 endpoints “lacking any form of network-level authentication”, putting these devices “potentially at risk from a worm-based weaponisation of the BlueKeep vulnerability”.
The tech giant warned that the vulnerability could result in malware as damaging as Conficker, which impacted 10-12 million computer systems around the world, and WannaCry, which led to about $US300 million in damages at just one enterprise.
The Australian Cyber Security Centre also posted a warning about BlueKeep, saying it was aware of “widespread abuse of a security vulnerability” affecting older versions of Windows operating systems, including Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008.
“Once infected, it can spread malware to other computers or devices on the same network, including devices which have access to a remote desktop environment if you have a business that uses this,” the ACSC said.
“Any organisation or business that relies on the older Microsoft systems is at risk.”
The ACSC urged Australian businesses to install the Windows BlueKeep security update immediately and not to access Remote Desktop Protocol directly from the internet.
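The two conditions the advisories above single out are Remote Desktop hosts that lack network-level authentication (L5) and hosts whose RDP listener is reachable from the internet (L10). The following read-only audit script is an added example written for this page; it is not code from the article, Microsoft or the ACSC. It uses only standard Windows registry locations and built-in cmdlets (Get-ItemProperty, Get-NetFirewallRule, Get-NetFirewallAddressFilter, Get-HotFix). The KB identifier is a placeholder, because the article does not name the update ID; replace it with the one from Microsoft's advisory for the host being checked.

```powershell
# Added example (not from the article): read-only audit of the RDP settings the
# advisories discuss. Run in an elevated PowerShell session on the host being checked.
# Registry paths and cmdlets are standard Windows ones; the KB number is a placeholder
# that must be replaced with the update ID from Microsoft's advisory.

param(
    [string]$ExpectedKB = 'KB_PLACEHOLDER_FROM_ADVISORY'
)

$tsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsRoot 'WinStations\RDP-Tcp'

# 1. Is Remote Desktop enabled at all? (fDenyTSConnections = 1 means disabled)
$rdpDisabled = (Get-ItemProperty -Path $tsRoot -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections -eq 1

# 2. Is Network Level Authentication required? (UserAuthentication = 1)
#    The 400,000 endpoints Microsoft counted were those where this is 0.
$nlaRequired = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication -eq 1

# 3. Security layer: 2 = TLS, 1 = negotiate, 0 = legacy RDP security
$securityLayer = (Get-ItemProperty -Path $rdpTcp -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer

# 4. Which remote addresses may reach the RDP listener through Windows Firewall?
#    An enabled inbound rule with RemoteAddress 'Any' is the exposure the ACSC warns
#    about whenever the host itself is reachable from the internet.
$openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' } |
    Select-Object -ExpandProperty DisplayName

# 5. Is the expected security update installed? (placeholder ID -> $false until replaced)
$patched = [bool](Get-HotFix -Id $ExpectedKB -ErrorAction SilentlyContinue)

[PSCustomObject]@{
    ComputerName      = $env:COMPUTERNAME
    RdpEnabled        = -not $rdpDisabled
    NlaRequired       = $nlaRequired
    SecurityLayer     = $securityLayer
    RdpRulesOpenToAny = $openRules
    UpdateInstalled   = $patched
} | Format-List

# Flag the two conditions the advisories call out.
if (-not $rdpDisabled -and -not $nlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication: require NLA or disable RDP.'
}
if ($openRules) {
    Write-Warning "Inbound RDP rule(s) accept any remote address: $($openRules -join ', '). Restrict to management networks or a VPN."
}
```

The script changes nothing; it only reports. NLA matters here because it forces authentication before a full RDP session is set up, so an unauthenticated attacker never reaches the vulnerable code path, which is why Microsoft singled out hosts lacking it. Fixing the reported findings (requiring NLA, restricting the firewall rule, installing the update) is the remediation the advisories describe, and re-running the script confirms it.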
Now Microsoft has revealed that it has discovered seven new vulnerabilities in Windows that can be exploited via RDP, including two that could result in a major global worm incident.
Microsoft Security Response Centre director of incident response Simon Pope said that future malware exploiting the vulnerabilities could travel from vulnerable computer to vulnerable computer without user interaction.
In contrast to prior warnings, the new vulnerabilities can be found in newer Microsoft versions, including Windows 7, Server 2008, Server 2012, Windows 8.1, Server 2012 and all supported versions of Windows 10.
“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Pope said in a blog post.
“At this time, we have no evidence that these vulnerabilities were known to any third party.”
Any individuals or companies using these Microsoft services are being urged to immediately update their software.
“It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these,” Pope said.