800,000 systems are still vulnerable to the BlueKeep exploit. Microsoft released a patch 2 months ago including ‘end of life’ systems such as Windows 7 and XP. According to a recent report by BitSight, a risk management firm, they detected 805,665 online systems that remain vulnerable. Although this is a 17% decrease from the previous months figure, this still represents a sizable attack surface.
What is Bluekeep?
BlueKeep is a critical vulnerability in the remote desktop protocol (RDP). Luckily the vulnerability only affects older Windows operating systems such as Windows 7, Windows XP and Windows Server 2008. Despite Microsoft dropping support for these OSes, this vulnerability was deemed so critical that Microsoft pushed out a patch even for ‘end of life’ systems.
If an attacker were to exploit such a vulnerability they could execute arbitrary code on the target and likely take over control of the computer. BlueKeep is also what is known as a ‘wormable’ exploit, in that infected machines can infect other machines. This can lead to a very rapid spread of the malware similar to how WannaCry spread in 2017.
Microsoft first warned about BlueKeep on May 14 and released a patch. Also alongside Microsofts announcement came the warnings from the NSA and DHS about the seriousness of this vulnerability.
Despite every system administrator’s best efforts there are often systems that are exposed to the public Internet and unpatched. This is even more prevalent in smaller organizations that lack a dedicated IT department.
There has been a significant improvement in the number of unpatched systems since the vulnerability was disclosed, but that leaves 800,000 systems still vulnerable to BlueKeep.
It is still critical that everyone patches their systems as soon as they are able as it is only a matter of time before we start seeing WannaCry v2.0 attacks in the wild.
Systems still vulnerable to BlueKeep are no joke!
Equifax was just slapped with a $700 million fine for their breach, all due to an unpatched system!