A couple of weeks ago, Microsoft revealed details about a severe bug that exists in the Remote Desktop Protocol (RDP) in Windows OS.
The bug is called BlueKeep; it can be used to trigger remote code execution attacks. Microsoft warned that it’s “warmable,” which means some attacker can take advantage of the bug to create self-replicating exploits.
BlueKeep (CVE-2019-0708) affects older versions of the OS including Windows 7, Windows XP, Windows Vista, and Windows 2003. The list also includes Windows Server 2008 and 2008 R2.
The company advised users and companies running these versions to quickly install the latest security updates. Initially, it was believed that nearly 7.6 million devices were exposed to attackers because of the bug.
Errata Security’s researcher Robert Graham has now published a new report highlighting that the number of affected devices has now reduced to 950,000. In fact, a big chunk of the 7 million devices are not actually Windows systems.
For scanning the devices, the researcher used a tool called rdpscan (find it on GitHub). He developed the same by clubbing RiskSense’s BlueKeeper Scanner with his own tool called masscan.
However, Graham said that he wasn’t able scan those Windows devices that are a part of closed networks. Still, it’s a big concern that roughly 1 million machines are at risk.
Microsoft has already released the fix as part of the Patch Tuesday update on May 14. But there isn’t much time left to install the patches.
Graham warns that “hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines.” By compromising that, many devices would result in an attack as big as WannaCry and notPetya.
Until now, no active BlueKeep attacks have been discovered. However, recent reports suggest that malicious actors have started their hunt on the internet to find vulnerable machines.
via ZDNet
