Almost one million Windows PCs are vulnerable to BlueKeep, a vulnerability in the Remote Desktop Protocol (RDP) service affecting older versions of the Windows OS.
The BlueKeep vulnerability, tracked as CVE-2019-0708, was disclosed in the May 2019 Patch Tuesday. Microsoft released patches for it at that time, but the company warned that the BlueKeep flaw is wormable. This means that attackers and malware could potentially abuse it to self-replicate and spread on their own, in the same way the EternalBlue SMB exploit was used during the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks of 2017.
Even though this vulnerability is dangerous, no attacks have been recorded so far. There is no public demo code for the flaw that hackers could adapt and use in their attacks.
The cyber-security firm GreyNoise, which detected this activity, stated that some aggressive scans are currently underway and that it is not known who is behind them.
Companies can apply patches to reduce this risk. Patches are currently available for Windows XP, 7, Server 2003, and Server 2008, the Windows versions vulnerable to BlueKeep attacks.
Robert Graham, head of offensive security research firm Errata Security, published statistics on the number of Windows systems that are still vulnerable to BlueKeep attacks. It was earlier believed that nearly 7.6 million Windows systems connected to the Internet were affected, but he stated that the number is actually closer to 950,000.
Most of the seven million systems that have port 3389 (RDP) exposed to the Internet are not actually Windows systems, or are not running an RDP service on that port. Graham stated that the majority of Windows systems with an RDP service exposed online are safe.
The time companies have to patch older Windows systems against BlueKeep is starting to run out, and security researchers expect attacks to begin at any time.
The tool that Graham used during his research is available on GitHub under the name rdpscan, a mix of his own masscan tool and a BlueKeep scanner developed by RiskSense.