Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Microsoft Reminds Users to Patch Wormable ‘BlueKeep’ Vulnerability

Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation.

Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation.

The vulnerability affects Windows Remote Desktop Services (RDS) and it was addressed by Microsoft with its May 2019 Patch Tuesday updates. The flaw has been described by the company as wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit.

An unauthenticated attacker can use the weakness to execute arbitrary code and take control of a device without any user interaction. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

The company on Thursday reminded users to update their systems after a researcher reported detecting nearly one million vulnerable devices exposed to the internet.

“Many more within corporate networks may also be vulnerable,” Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC), said in a blog post. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.”

The company says it’s “confident that an exploit exists for this vulnerability” and that even though a worm has yet to be seen, it does not mean that a piece of malware will not eventually incorporate an exploit for CVE-2019-0708.

“Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible,” Pope said. “It is possible that we won’t see this vulnerability incorporated into malware. But that’s not the way to bet.”

Microsoft has pointed out that the WannaCry ransomware, which caused significant damage to organizations worldwide, successfully used the EternalBlue exploit nearly two months after the company released a patch.

Several cybersecurity firms and researchers claim to have already developed proof-of-concept (PoC) exploits for the BlueKeep vulnerability, including ones that achieve remote code execution. Some partial PoC exploits have been made public and at least two organizations reported seeing scanning activity targeting CVE-2019-0708.

Organizations have been warned that the vulnerability poses a risk not only to IT networks, but also to industrial and healthcare environments.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.