In May 2019, Microsoft disclosed the BlueKeep vulnerability; more than a year later, over 245,000 Windows systems still have not been patched.
More than a year ago, Microsoft's Patch Tuesday updates for May 2019 fixed nearly 80 vulnerabilities, including the BlueKeep bug.
The flaw is a remote code execution vulnerability in Remote Desktop Services (RDS) that an unauthenticated attacker can exploit by connecting to the target system over RDP and sending specially crafted requests.
As Microsoft explained, the vulnerability is wormable: it can be exploited without any user interaction, so malware that exploits it could spread uncontrollably across target networks.
Windows 8 and Windows 10 are not affected, but earlier versions are exposed to attack.
Microsoft has also advised Windows Server users to block TCP port 3389 and enable network level authentication to prevent an unauthorized attacker from exploiting this vulnerability.
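The mitigations above (install the fix, require Network Level Authentication, keep TCP 3389 off the Internet) can be audited on a host from PowerShell. The script below is an added example written for this page, not Microsoft's guidance or Kopriva's tooling. It assumes PowerShell 3.0 or later and that the host is Windows 7 SP1 or Server 2008 R2 SP1, where the May 2019 fix ships as KB4499175 (the KB number differs for other affected Windows versions, so adjust $PatchKb); the Get-NetTCPConnection and Get-NetFirewallRule cmdlets only exist on Windows 8 / Server 2012 and later, so the script falls back to netstat where they are missing.

```powershell
# Added example: audit one Windows host for the BlueKeep (CVE-2019-0708) mitigations.
# Run in an elevated PowerShell session on the host being checked.

$PatchKb = 'KB4499175'   # assumption: Win7 SP1 / 2008 R2 SP1; other versions use other KBs
$RdpPort = 3389

$findings = [ordered]@{}

# 1. Is the fix installed?
$hotfix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue
$findings['PatchInstalled'] = [bool]$hotfix

# 2. Is Network Level Authentication required? (UserAuthentication = 1 means NLA on)
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$findings['NlaEnabled'] = ($nla -eq 1)

# 3. Is Remote Desktop disabled altogether? (fDenyTSConnections = 1 means RDP off)
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$findings['RdpDisabled'] = ($deny -eq 1)

# 4. Is anything listening on TCP 3389? Prefer the NetTCPIP cmdlet, fall back to netstat.
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    $listening = [bool](Get-NetTCPConnection -LocalPort $RdpPort -State Listen -ErrorAction SilentlyContinue)
} else {
    $listening = [bool](netstat -an | Select-String ":$RdpPort\s+.*LISTENING")
}
$findings['PortListening'] = $listening

# 5. Does the host firewall have an enabled inbound allow rule for 3389?
$allowRule = $null
if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
    $allowRule = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$RdpPort" }
}
$findings['FirewallAllowsInbound3389'] = [bool]$allowRule

[pscustomobject]$findings | Format-List

# Verdict: unpatched, listening and without NLA is exactly the exposure the article describes.
if (-not $findings.PatchInstalled -and $findings.PortListening -and -not $findings.NlaEnabled) {
    Write-Warning "Unpatched for CVE-2019-0708 with RDP listening and NLA off: install $PatchKb, enable NLA, and block TCP $RdpPort at the perimeter."
}
```

The host firewall check only tells you what the local firewall permits; whether port 3389 is reachable from the Internet also depends on perimeter rules and NAT, which this script cannot see, so treat a clean result here as necessary rather than sufficient.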
This flaw poses a serious risk to organizations and to industrial environments because of the large number of systems reachable via RDS.
A year and a half after the flaw was disclosed, more than 245,000 Windows systems are still unpatched and vulnerable to attack.
In May 2019, immediately after the disclosure, well-known expert Robert Graham scanned the Internet for vulnerable systems and found more than 923,000 potentially vulnerable devices using a port scanner and a modified version of rdpscan.
Security researcher Jan Kopriva has now used the Shodan search engine to perform a new analysis of machines vulnerable to a selection of CVEs.
"To this end, I have drawn up a list of about 100 high-performance vulnerabilities discovered before 2020 that could possibly be analysed by Shodan. The list consisted mainly of relevant vulnerabilities from the various CVE lists [3,4] and vulnerabilities that I found interesting in my previous research. So the list was far from complete, but I think the results are remarkable for the 10 most common vulnerabilities it contained."
The number of systems still exposed to CVE-2019-0708 is 246,869, about 25% of the 950,000 systems found during the first scan in May 2019.
Kopriva also found that more than 103,000 Windows systems are still vulnerable to SMBGhost.
Unfortunately, Kopriva found that millions of Internet-facing systems still carry serious remotely exploitable vulnerabilities.
"Although, as the graph shows, there has been a significant decrease, both in absolute and relative terms, in the number of BlueKeep-affected machines accessible from the Internet, the number still appears to exceed 240,000. Given the dangerous nature and notoriety of BlueKeep, the question arises as to how many other lesser-known critical vulnerabilities remain unresolved on a similar number of systems."
(Security issues – Hacking, BlueKeep)