Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch.
If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what WannaCry and NotPetya like wormable attacks did in 2017.
Dubbed BlueKeep and tracked as CVE-2019-0708, the vulnerability affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 editions and could spread automatically on unprotected systems.
The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code and take control of a targeted computer just by sending specially crafted requests to the device’s Remote Desktop Service (RDS) via the RDP—without requiring any interaction from a user.
Describing the BlueKeep vulnerability as being Wormable that could allow malware to propagate to vulnerable systems just like WannaCry, Microsoft released a security fix to address the vulnerability with its May 2019 Patch Tuesday updates.
However, the latest Internet scan performed by Robert Graham, head of offensive security research firm Errata Security, revealed that, unfortunately, roughly 950,000 publicly accessible machines on the Internet are vulnerable to the BlueKeep bug.
This clearly means that even after the security patch is out, not every user and organisation has deployed it to address the issue, posing a massive risk to individuals and organizations, including industrial and healthcare environments.
Graham used “rdpscan,” a quick scanning tool he built on top of his masscan port scanner that can scan the entire Internet for systems still vulnerable to the BlueKeep vulnerability, and found a whole 7 million systems that were listening on port 3389, of which around 1 million systems are still vulnerable.