Microsoft has issued a second security warning over BlueKeep, a recently discovered vulnerability in its Remote Desktop Protocol service that could enable attackers to use a worm-like exploit to take over devices running unpatched older Windows operating systems. The software giant took the unusual step Thursday of issuing a second alert within a month concerning the BlueKeep flaw as security researchers expressed growing concerns that bad actors are rapidly developing exploits and that proof-of-concept code has already leaked online. In a new message, Simon Pope, director of incident response for the Microsoft Security Response Center, compared BlueKeep to EternalBlue, the Windows vulnerability that later opened the door to the WannaCry and NotPetya ransomware attacks of 2017. Pope warned that with reports of nearly 1 million Windows devices vulnerable to this flaw, security teams need to apply the patch that Microsoft issued with its first warning on May 14. "It's been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we're out of the woods," Pope warns. "If we look at the events leading up to the start of the WannaCry attacks, they serve to inform the risks of not applying fixes for this vulnerability in a timely manner." The vulnerability affects only older versions of Microsoft's Windows operating system, some of which are no longer supported by the company. The flaw affects Windows XP, Windows 7, Windows 2003 and Windows Server 2008, the company notes. Newer versions of Windows, including Windows 8 and Windows 10, are not affected. Follow this on OUR FORUM.