Nearly one million Windows systems are vulnerable to BlueKeep

Almost a million Windows computers are vulnerable to BlueKeep, writes ZDNet. That is less than the previously reported seven million devices, but still a significant number. BlueKeep is a vulnerability in the Remote Desktop Protocol (RDP) service, which impacts older versions of the operating system.

The BlueKeep vulnerability is followed as CVE-2019-0708. The problem was discovered earlier this month at the May 2019 Patch Tuesday. Microsoft then released patches, but also warned that the BlueKeep error is ‘wormable’. This means that hackers and malware may be able to exploit the vulnerability to replicate and spread themselves. This is similar to how the EternalBlue operation was abused with WannaCry and NotPetya.

At first it was thought that nearly 7.6 million Windows system connected to the Internet could be attacked with its vulnerability. Robert Graham, the head of security company Errata Security, however, is investigating that this number is much lower. He thinks the number of vulnerable computers is closer to 950,000.

Graham discovered that most of the seven million systems that have RDP port 3389 open to the Internet are not really Windows systems. Another option is that they don’t run an RDP service on that port. According to Graham, the vast majority of Windows systems with an RDP service that is exposed online are safe.

No attacks detected

Despite the great danger of vulnerability, no attacks have yet been detected. This is mainly because there is no public demo code that cybercriminals can use and implement in their own attacks. According to security company GreyNoise there are some aggressive scans in the making, but it is unclear who is behind them.

There are already a number of patches that companies can use to reduce the risk. Patches are available for Windows XP, 7, Server 2003 and Server 2008. These are the versions of Windows that are vulnerable to BlueKeep attacks.