Microsoft is urging computer users running older versions of Windows - including Windows 7 - to update their operating systems as soon as possible to protect against a new vulnerability.
Microsoft released fixes on May 14 to protect against the vulnerability being referred to as BlueKeep. In a blog post on May 30 Microsoft stated "if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable."
The company noted it had previously warned "that the vulnerability is 'wormable' and that future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017."
WannaCry is ransomware that encrypts files on computer hard drives, making them impossible for users to access. Bad actors usually demand a ransom payment in Bitcoin in return for a key that might, or might not, decrypt the files.
The National Health Service, NHS, in the United Kingdom was hit with WannaCry in 2017. The ransomware affected hundreds of health care providers and resulted in thousands of cancelled appointments.
A report by the UK National Accounting Office found that all the health care providers affected by the virus had unpatched or unsupported Windows operating systems. Most of the computers infected had unpatched Windows 7 operating systems. WannaCry also affected many organizations across the world in addition to the NHS.
Microsoft warned in its post on May 30 that although there has been no sign of the new vulnerability being exploited yet "this does not mean that we're out of the woods. If we look at the events leading up to the start of the WannaCry attacks, they serve to inform the risks of not applying fixes for this vulnerability in a timely manner. Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible."
Resources: