Over 800K Systems Remain Vulnerable to Bluekeep
July 20, 2019 Share

Over 800K Systems Remain Vulnerable to Bluekeep

Over 805,000 computers around the world are still vulnerable to the critical Bluekeep vulnerability, which experts have warned could create a worm-like threat worse than WannaCry.

Security firm BitSight claimed that, as of July 2, 805,665 systems remained at risk, a decrease of just 17% from May 31.

“Assuming a simplistic average this represents an average decrease of 5,224 exposed vulnerable exposed systems per day. By consistently observing individual vulnerable systems that remain exposed to the Internet and then identifying when they’re patched, we can calculate that at minimum an average of 854 vulnerable systems per day are patched,” it explained.

“The difference between these two estimates may represent systems which no longer expose the service to the Internet today, or those that are changing IP addresses frequently.”

China and the US remain the countries with the largest number of exposed systems, despite both having reduced their exposure by the largest amount globally, 24% and 20% respectively.

The most responsive industries around the world have been Legal, which reduced affected systems by 33%, Non-profit/NGO (27%) and Aerospace/Defense (24%). However, the worst performers were Consumer Goods (5%), Utilities (10%), and Technology (12%).

BitSight also warned organizations to take a more proactive stance towards third parties that may be exposed via Bluekeep.

“There are multiple ways a system administrator may mitigate against this issue affecting an externally exposed system. The primary and most important of which is actually applying the patch to the affected system. In addition, the administrator or user may remove exposure of that system to the Internet by taking it offline or applying proper access control lists to those systems to limit access to them,” it added.

“It’s been two months since the patch has been made available by Microsoft and we’ve only observed a 17.18% decrease in the number of exposed vulnerable systems in the last month. It’s important for organizations to patch their systems to not only protect their own data and systems, but those of their third parties that they conduct business with.”

Bluekeep is an RCE flaw in Windows Remote Desktop Services (RDS) which could enable an attacker to take complete control of a machine. It affects Windows XP to Windows 7 and Server 2003 to Server 2008 R2 computers.

The vulnerability (CVE-2019-0708) is deemed particularly critical as it can infect and spread without user interaction. Working exploits have already been engineered by security researchers, and the concern is hackers could use it as a mechanism to spread cryptomining malware, banking trojans or other types of malware.

This post Over 800K Systems Remain Vulnerable to Bluekeep originally appeared on InfoSecurity Magazine.

Read More