
Why More than 805,000 Systems Still Vulnerable to BlueKeep Attacks


According to a report, more than 805,000 systems running older versions of Windows are still vulnerable to the BlueKeep vulnerability. Read on to know more…

Since May this year, security researchers have been sounding the alarm about the “BlueKeep” vulnerability in old Microsoft Windows operating systems.

According to a new report by security firm BitSight, more than 805,000 internet-exposed systems running older versions of Windows are still vulnerable to BlueKeep. The vulnerability was disclosed in May 2019, and since then the number of systems likely to be affected by BlueKeep has dropped by 17%. The flaw could allow unauthorised parties to perform remote code execution on vulnerable systems.

Global Attack
China and the US remain the countries with the largest number of exposed systems, despite both having reduced their exposure by the largest amount globally, 24% and 20% respectively. The most responsive industries around the world have been Legal, which reduced affected systems by 33%, Non-profit/NGO (27%) and Aerospace/Defense (24%). However, the worst performers were Consumer Goods (5%), Utilities (10%), and Technology (12%). BitSight also warned organizations to take a more proactive stance towards third parties that may be exposed via BlueKeep.

The Vulnerability
BlueKeep is an RCE flaw in Windows Remote Desktop Services (RDS) which could enable an attacker to take complete control of a machine. It affects RDP services in older versions of Windows such as XP, 7, Server 2003 and Server 2008. The vulnerability, designated CVE-2019-0708, does not affect later versions such as Windows 8 and 10. BlueKeep can result in untold damage, providing attackers with access to a system via a backdoor. The flaw has been described as ‘wormable’, which means it can be used to spread malware within or outside of networks, much like WannaCry.

The BitSight report explained: “Assuming a simplistic average this represents an average decrease of 5,224 exposed vulnerable exposed systems per day. By consistently observing individual vulnerable systems that remain exposed to the Internet and then identifying when they’re patched, we can calculate that at minimum an average of 854 vulnerable systems per day are patched.”

Working Mechanism
BlueKeep is “wormable,” meaning the malware could infect systems as it finds its own ways to move from network to network. By abusing the remote access granted by Remote Desktop Services, a Windows program, a hacker could delete data or install a new program on a system.

There has been a large push to get users to apply the security patch for the flaw, which could be exploited at scale. Microsoft released a security patch for the vulnerability on May 14.

Apart from rolling out the patch, Microsoft has issued two alerts urging users and admins to install the fix. “As of July 2, 2019, approximately 805,665 systems remain online that are vulnerable to BlueKeep, representing a decrease of 17.18% (167,164 systems) compared to May 31. Part of that reduction is due to 92,082 systems that remain externally exposed that have been since been observed to be patched,” stated BitSight in a blog post.

