Microsoft has issued its second notice this month urging users to update their systems to prevent a re-run of an attack similar to WannaCry.
The software company says that the "wormable" vulnerability recently discovered in Remote Desktop Services can be used to remotely execute code, such as malware or ransomware, on a vulnerable computer. Worse, the vulnerability allows that code to spread to other computers on the same network in a similar way to the WannaCry malware, which spread worldwide in 2017 and caused billions of dollars of damage.
A patch was released earlier this month on Microsoft's usual patch release day, the so-called Patch Tuesday. And although there are still no signs of an active attack, "this does not mean that we are out of danger," the company said.
Microsoft said it is "confident" that an exploit exists for the vulnerability, putting at risk a million computers directly connected to the Internet.
But that figure could be higher if servers at the enterprise firewall level are hit, with the potential that all other computers connected to them will face a similar fate.
"Our recommendation remains the same. We strongly recommend that all affected systems be updated as soon as possible," Microsoft said.
The bug, CVE-2019-0708, better known as BlueKeep, is a "critical" vulnerability that affects computers running Windows XP and later versions, including the corresponding server operating systems. The vulnerability can be used to execute code at the system level, which allows total access to the computer, including its data. Worse still, it can be exploited remotely, allowing anyone to attack a computer connected to the Internet.
Microsoft said that only Windows 8 and Windows 10 are not vulnerable to the bug. But the bug is so dangerous that Microsoft took the rare step of issuing patches for operating systems it has long since stopped supporting, including Windows XP.
So far, several security firms, including McAfee and Check Point, have claimed to have developed proof-of-concept code that can at least trigger a denial-of-service condition, such as shutting down a computer. But the fear is that hackers are close to creating code that can launch another major ransomware attack.
The independent malware researcher Marcus Hutchins said in a tweet that it took him "an hour" to develop code to exploit the vulnerability, but he refused to publish the code because the bug is "dangerous".
The universal message seems clear: Patch your systems before it's too late.