Almost one million Windows PCs are vulnerable to BlueKeep, a vulnerability in the Remote Desktop Protocol (RDP) service impacting older versions of the Windows OS.
Dubbed BlueKeep and tracked as CVE-2019-0708, the vulnerability affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 editions and could spread automatically on unprotected systems.
The issue came to light on the May 2019 Patch Tuesday, earlier this month. At the time, Microsoft released patches but also warned that the BlueKeep flaw is wormable, meaning that hackers and malware could potentially abuse it to self-replicate and spread on their own, similar to how hackers used the EternalBlue SMB exploit during the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks of 2017.
However, the latest Internet scan performed by Robert Graham, head of offensive security research firm Errata Security, revealed that, unfortunately, roughly 950,000 publicly accessible machines on the Internet are vulnerable to the BlueKeep bug.
The good news is that companies can apply patches to mitigate this risk. Patches are currently available for Windows XP, 7, Server 2003, and Server 2008, the Windows versions vulnerable to BlueKeep attacks.
Graham used “rdpscan,” a quick scanning tool he built on top of his masscan port scanner that can scan the entire Internet for systems still vulnerable to the BlueKeep vulnerability, and found some 7 million systems listening on port 3389, of which around 1 million are still vulnerable.
“Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines,” the researcher says.
“That means when the worm hits, it’ll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry, and NotPetya from 2017 — potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness.”
Furthermore, due to the limitations of his scans, Graham was not able to test Windows systems on internal networks, which most likely hide even more vulnerable machines.
Fortunately, no security researcher has so far publicly released any proof-of-concept exploit code for BlueKeep, though a few of them have confirmed that they have developed a working exploit.