Take a Virtual, Interactive Tour 

Cyber Security

  |  
4 Min Read

BlueKeep is still rocking the waters as over 200k systems are still left unpatched by this nasty Exploit

Microsoft disclosed a vulnerability known as Bluekeep almost a year and a half ago. This exploit ties in with Windows RDP service as more than 200k Windows systems remain unpatched and still eligible to be hit by this exploit.

wd

Back in May of 2019, it was first discovered which led to a scan that detected nearly a million systems were vulnerable to this BlueKeep attack. Which from then and now is a good number drop but still, that's a lot of machines that are still left without any protection.

This vulnerability allows attackers to take over Windows machines remotely since it's using RDP (Remote Desktop Protocol) which Microsoft believes this has been the most severe bug they had disclosed in recent years.

Yet with such a severe exploit, many systems have yet to be patched as a SANS ISC handler Jan Kopriva reported. He states that BlueKeep is not the only major remote exploitable vulnerability. As there are many more with a strong influence exposing these systems to attacks.

Apparently, Jan Kopriva says there are still millions of internet-accessible systems out there that admins have yet to patch and it leaves these systems vulnerable to remote hacks. Such systems are IIS servers, Exim email agents, OpenSSL clients, and of course WordPress sites.

Kopriva doesn't know why these systems have been left unpatched has even warnings from government and business cybersecurity firms have fallen on deaf ears. Such as two warnings from the US NSA (National Security Agency) which one was back in May and another in October. The October warning was about BlueKeep being used by Chinese state-backed hackers.

Sadly, what will happen to a lot of these systems is that they will be unpatched for years as Jan Kopriva expresses "even very well-known vulnerabilities are sometimes left unpatched for years on end...Given how dangerous and well known BlueKeep is, it rather begs the question of how many other, less well-known critical vulnerabilities are still left unpatched on a similar number of systems," (Kopriva, 2020)

It seems to be a questionable decision to not patch and update your systems but even now there are still companies and organizations running off of Windows xp and vista which have exploits and vulnerabilities that are unpatchable.

Comment

GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their ...
Picture of Micah Turpin Micah Turpin 4 Min Read

Golang the new standard for malware langauge?

In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.

VMware vulnerability leaves about 6,700 servers ripe for the picking.

VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire ...