blue screen of death

Homeland Security Issues Critical BlueKeep Warning

By News

Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device.

The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an official warning to patch the wormable BlueKeep flaw. After confirming the exploit can be used to remotely execute code on vulnerable PCs, the agency released an advisory reiterating the dangers of the vulnerability.

CVE-2019-0708, also known as BlueKeep, is a critical-rated bug that affects computers running Windows 7 and earlier. An exploit able to remotely run code or malware on an affected computer could trigger a global incident similar to the WannaCry ransomware attack of 2017.

“CISA encourages users and administrators review the Microsoft Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708 and apply the appropriate mitigation measures as soon as possible,” CISA writes in its alert.

CISA’s alert serves as a warning that malicious attackers could soon achieve the same results as WannaCry. As of last week, close to 1 million internet-exposed machines are still vulnerable to the flaw, according to researchers.

However, this is just the tip of the iceberg. These devices are gateways to potentially millions more machines that sit on the internal networks they lead to. A wormable exploit can move laterally within that network, rapidly spreading to anything and everything it can infect in order to replicate and spread.

Earlier this month, the U.S. National Security Agency (NSA) also issued a rare advisory, warning users to patch “in the face of growing threats” of exploitation.

Syxsense has added a “BlueKeep At Risk Devices” report to every console to help you stay on top of emerging threats. In seconds, view a list of every device that hasn’t been scanned for the vulnerability and see where the risk is detected.

With a few more clicks, you can deploy the patch to every device, run the report and prove to management that you are 100% compliant.

Blue Screen of Death Occurring with Feature Updates

By News

With the introduction of the newest Windows 10 Feature Version 1903, some security application vendors have published known issues when upgrading.

This isn’t the first time we’ve heard of Windows 10 upgrades being affected by antivirus or encryption software. In fact, Microsoft has always recommended disabling existing security software before upgrading to ensure that there isn’t any conflict during the process, and sometimes Windows will notify you automatically.

“Moving to the newest feature version isn’t just another patch or update, but should be treated as an actual upgrade to the entire operating system,” says Jon Cassell, Senior Solutions Architect at Verismic Software, Inc. “Just disabling the security software won’t be enough, especially if it’s full disk encryption. Many recommend decrypting and/or uninstalling the application entirely before upgrading to the latest feature version.”

Recently, ESET informed its Endpoint Encryption customers that upgrading to Windows 10, version 1903, causes boot errors. Specifically, an upgraded device presents an immediate blue screen error (BSOD) when booting. The device receives the stop code “INACCESSIBLE BOOT DEVICE”, and the volume must be fully decrypted before the Windows installation can be repaired manually. It’s possible that the entire volume may even become corrupt and require a complete reformat.

Rather than upgrade and jump through hoops, crossing your fingers that the volume can be repaired, it’s better to proactively prepare a strategy to uninstall the application, push the upgrade accordingly, then reinstall.

Using Syxsense, the inventory feature can easily show any registered security application, such as ESET, Trend Micro, or McAfee, and allow a silent uninstall to take place with software distribution. Once the application has been removed, simply push the new upgrade using Feature Updates and let the end user decide when they want to install and when they want to reboot their device. Post-upgrade, use the software distribution feature again to reinstall the security application silently, all without the need to troubleshoot a single device manually.
