The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s "A Reminder to Update Your Systems to Prevent a Worm," and Microsoft Customer Guidance for CVE-2019-0708. CISA recommends patching the affected operating systems:
This product is provided subject to this Notification and this Privacy & Use policy.