In May, Microsoft disclosed a serious security vulnerability affecting many older versions of Windows for desktops and servers.
The vulnerability is called BlueKeep, and it allows attackers to use Microsoft’s Remote Desktop Services to attack unpatched computers running older versions of Windows, including Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008.
Microsoft labels the vulnerability as “critical” because it gives attackers almost unlimited access to a system, and because it is “wormable,” meaning that it can spread the same way WannaCry did.
“The impact of this, if exploited, will be catastrophic,” said Rehan Bashir, managing security consultant at Synopsys.
Microsoft has even taken the unusual step of releasing patches for no-longer-supported versions of Windows, including XP, Vista, and Server 2003.
Both the NSA and Homeland Security’s Cybersecurity and Infrastructure Security Agency have issued warnings about the threat.