
Over 800,000 Systems Still Vulnerable to BlueKeep Attacks

Users and organizations continue to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708, but over 800,000 systems are still exposed to attacks.

BitSight reported on Wednesday that its latest scan, conducted on July 2, showed over 805,000 devices vulnerable to BlueKeep attacks, 167,000 fewer than it had identified on May 31.

“Assuming a simplistic average this represents an average decrease of 5,224 exposed vulnerable systems per day. By consistently observing individual vulnerable systems that remain exposed to the Internet and then identifying when they’re patched, we can calculate that at minimum an average of 854 vulnerable systems per day are patched. The difference between these two estimates may represent systems which no longer expose the service to the Internet today, or those that are changing IP addresses frequently,” BitSight said.

Errata Security’s Robert Graham, who also conducted a scan in late May and discovered more than 923,000 vulnerable systems, on Wednesday reported seeing roughly 730,000 machines. However, Graham admitted that BitSight’s results are likely more “reliable” than his.

According to BitSight, the telecommunications industry is by far the most affected, with over 30% of companies having exposed vulnerable devices. This sector is followed at a distance by education (6%) and technology (5%). At the other end of the chart we have the legal, insurance and finance sectors. It’s worth noting, however, that at least some progress has been observed across all industries.

“Telecommunications and Education often provide transit services and thus many of the issues affecting those industries are on systems of their customers. Residential networks are included as part of the Telecommunication industry while in Education, the largest group typically represents students,” BitSight explained.

Data collected by the company shows that the highest number of vulnerable systems is in China, followed by the United States. However, these two countries also accounted for the highest number of systems patched between May 31 and July 2.

On the other hand, in countries such as South Korea and Estonia, the number of exposed vulnerable systems has increased by 14% and 32%, respectively.

“While the number of unpatched systems has decreased since May, it’s simply not enough,” Bob Huber, CSO of Tenable, told SecurityWeek. “There is a lot of FUD in the security industry, but that’s not the case here. Organizations and users alike should not brush this off as ‘hype.’ This vulnerability is no joke; BlueKeep has all the makings of becoming the next WannaCry or NotPetya. Patch now before it’s too late.”

BlueKeep impacts the Windows Remote Desktop Services (RDS) and it was addressed by Microsoft in May with patches for Windows 7, Server 2008, XP and Server 2003. The vulnerability is wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit. An unauthenticated attacker can leverage the flaw to execute arbitrary code and take control of a device without any user interaction.

Both the DHS and the NSA have issued alerts urging users and organizations to install the patches from Microsoft.

Several companies and researchers have created proof-of-concept (PoC) exploits for BlueKeep, but there are no public reports of attacks exploiting the vulnerability. Many experts think it’s only a matter of time until it’s exploited, and some even believe that it may have already been leveraged by malicious actors, but in more targeted attacks that have not been detected by cybersecurity firms.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
