Microsoft users have been urged to update their operating systems, with engineers showing how a flaw identified by the tech giant could be exploited by hackers to break into systems and execute code remotely.
The so-called BlueKeep vulnerability was identified earlier this year.
It’s regarded as so serious that government agencies such as the US National Security Agency as well as the Australian Cyber Security Centre urged users to install the Microsoft security patch as soon as possible.
Now engineers at British cybersecurity company Sophos have shown how it can be used by cybercriminals to get “full control of a remote system without having to deploy any malware”.
The engineers showed that the exploit is also “wormable”, which means that once hackers get into one system they can use it to spread malware to other systems.
Its worm-like abilities have been compared to those of WannaCry, the worldwide ransomware attack in 2017 that affected about 400,000 computers globally, crippled Britain’s NHS and cost billions of dollars in damages.
Meanwhile, on its website, Sophos also notes: “We’re not the only company in the security industry that’s discovered at least one way to exploit this vulnerability”.
Security software company McAfee has also urged users to install the patch, noting that Windows 2003, Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2 were particularly at risk.
The vulnerability does not affect Windows 8 and Windows 10 users.