“Wormable” BlueKeep: Almost one million Windows machines are vulnerable to the flaw
Security researchers have discovered that nearly one million Windows PCs are still vulnerable to the “wormable” BlueKeep security flaw, which could lead to an outbreak similar to the WannaCry ransomware.
For those unaware, BlueKeep is the name given to a security vulnerability (CVE-2019-0708), rated “critical” by Microsoft, that affects computers running older versions of Windows, including Windows 7, Windows XP, Windows Vista, Windows 2003, and also Windows Server 2008 and 2008 R2.
The BlueKeep security vulnerability was first reported by Microsoft on 14 May 2019 and officially noted as CVE-2019-0708. BlueKeep is a “wormable” Remote Desktop Services (RDS) vulnerability in Windows OS. With this kind of vulnerability, an attacker can send specially crafted requests via the Remote Desktop Protocol (RDP) to execute arbitrary code and take control of a user’s machine without their knowledge.
However, the flaw was fixed in Microsoft’s May Patch Tuesday Security Bulletin earlier this month. The company also released patches for systems running Windows XP and Windows 2003, even though they are no longer officially supported by Microsoft.
Security researcher Robert Graham, head of Errata Security, who developed a software tool to scan the internet for affected Windows machines, says that there are still at least about 950,000 unpatched devices in the wild that are vulnerable to the attack.
“I find nearly one-million devices on the public Internet that are vulnerable to the bug. Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines. That means when the [computer] worm hits, it’ll likely compromise those million devices,” he wrote in a Tuesday blog post. “This will likely lead to an event as damaging as WannaCry and notPetya from 2017 – potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness.”
So far, no active BlueKeep attacks have been discovered. The other good news is that Windows 10 and Windows 8 systems are not affected by the flaw.
Microsoft recommends that users and companies running affected systems install the available patches as soon as possible, before attackers abuse the vulnerability. The company also suggests disabling RDS where it is not required, as the vulnerability can only be exploited on machines with RDS turned on.
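As an added example (not from Microsoft or the article), the following PowerShell sketch audits a machine for the two conditions described above: an affected Windows release and Remote Desktop turned on. It then offers a way to deny RDP connections. The function names are hypothetical, and the script does not check whether the May update is installed.

```powershell
# Added example: local audit for the exposure conditions the article names.
# Written for Windows PowerShell 2.0 and later; run from an elevated prompt.

function Test-AffectedWindowsVersion {
    param([string]$Version)   # e.g. "6.1.7601" from Win32_OperatingSystem
    # NT versions of the releases the article lists as affected:
    # 5.1 = XP, 5.2 = Server 2003, 6.0 = Vista / Server 2008,
    # 6.1 = Windows 7 / Server 2008 R2
    $affected = @('5.1', '5.2', '6.0', '6.1')
    $parts = $Version.Split('.')
    if ($parts.Count -lt 2) { return $false }
    return ($affected -contains ($parts[0] + '.' + $parts[1]))
}

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpExposure {
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    # fDenyTSConnections: 0 = RDP connections allowed, 1 = denied
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $affected   = Test-AffectedWindowsVersion -Version $os.Version
    $rdpAllowed = ($deny -eq 0)
    New-Object PSObject -Property @{
        Caption         = $os.Caption
        Version         = $os.Version
        AffectedRelease = $affected
        RdpAllowed      = $rdpAllowed
        ServiceStatus   = if ($svc) { $svc.Status } else { 'NotInstalled' }
        # Exposed means: affected release AND RDP accepting connections.
        # Patch status is not evaluated here.
        NeedsAttention  = ($affected -and $rdpAllowed)
    }
}

function Disable-RemoteDesktop {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($tsKey, 'Set fDenyTSConnections = 1')) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    }
}

Get-RdpExposure | Format-List
# Preview the change first:  Disable-RemoteDesktop -WhatIf
```

Denying RDP connections removes the exposure the article describes but does not replace installing the patch.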