BlueKeep is yet another security vulnerability that leverages weaknesses in Microsoft’s Remote Desktop Protocol, allowing for potential remote code execution. BlueKeep, designated CVE-2019-0708, was addressed in the May 2019 Patch Tuesday update and has drawn substantial concern from US Homeland Security as well as Microsoft. The company issued patches for Windows XP over concerns that the vulnerability could be leveraged in the same way EternalBlue was used to spawn the WannaCry ransomware attack.
Presently, a US company is selling a PoC as part of a penetration testing utility. BlueKeep affects Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008, with Windows 8, 8.1, and 10 unaffected. In May, one million systems were thought to be vulnerable, and that number has not decreased enough.
According to a BitSight blog post published Wednesday, “As of July 23, 2019, approximately 788,214 systems remain vulnerable, a decrease of almost 20,000 systems from July 2nd, which is a much smaller decrease than what we observed between May 31 and July 2, even when factoring in that the period between these observations is 33 days compared to the 21 days of the latest observation,” adding that “about 81% of the exposed vulnerable systems observed on May 31 remain unpatched.”
BitSight is raising concerns over a scenario “where the rate of patching tapers off leaving behind a legacy set of systems that remain vulnerable, perhaps unbeknownst to system
BitSight has also broken down BlueKeep risk by industry, finding that the Telecommunications industry has an outsized risk, with over one third of organizations having vulnerable systems. Education follows in second place at just over 5%, followed by Technology, Government, and Utilities.