The National Security Agency (NSA) of US has issued a warning to the users of Microsoft Windows to make sure that they are using an updated system to protect their digital information from cyber criminals.

In the advisory, which was published on Tuesday, June 4, officials stressed the impact of installing patches to address a protocol vulnerability in older versions of Windows.

NSA officials also mentioned about a flaw called "BlueKeep" which exists in previous versions of Microsoft Windows, such as Windows 7, Windows XP, Server 2003 and 2008, is a vulnerability in the Remote Desktop (RDP) protocol. The advisory also added that even though Microsoft has issued a patch, still millions of machines are vulnerable to the data breach.

As per the NSA officials, "BlueKeep" flaw could make the computer systems vulnerable by viruses through automated attacks or due to downloading of malicious attachments.

The company, in a statement on May 30, said that some of the older edition of Windows could be vulnerable to cyber attacks. Microsoft advised that all the users of Windows 7 and earlier versions should update their system as soon as possible.

International Computer Science Institute's Nicholas Weaver earlier stated that vulnerability of Windows means that bad actors could gain complete access to the systems easily. However, as per Microsoft updating computers, helps to protect the users of those systems from these kinds of cyber-attacks.

"NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems," the advisory added.

Rob Joyce, a senior NSA adviser wrote on his twitter that "NSA is raising their own concern that the Microsoft RDP flaw (#BlueKeep) is of significant risk to unpatched systems. Patch and protect!"

NSA has suggested some additional measures as below: Block TCP Port 3389 at your firewalls, especially any perimeter firewalls exposed to the internet. This port is used in RDP protocol and will block attempts to establish a connection.

Enable Network Level Authentication. This security improvement requires attackers to have valid credentials to perform remote code authentication. Disable remote Desktop Services if they are not required. Disabling unused and unneeded services helps reduce exposure to security vulnerabilities overall and is a best practice even without the BlueKeep threat.

NSA shared the advisory after Baltimore's internet servers were attacked by the cybercriminals and forced the city government to shut down most of their computer servers. The reports stated that the tool, used for the ransomware attack is an NSA creation, called EternalBlue. In addition to this cyber attack incident, The New York Times later reported that NSA knew about the system flaw, but never revealed it.