BlueKeep Attack Warnings Didn’t Affect Users

Researchers from the SANS Institute (USA) over the past few months have been monitoring the situation with the use of patches that fix the BlueKeep vulnerability in Windows, and with the use fof Shodan recorded the number of vulnerable computers connected to the Network. Experts concluded that the massive warnings about BlueKeep attacks did not affect the desire of users to apply patches.

Recall that over the past week there have been reports of signs of exploitation of BlueKeep in real attacks. Attackers tried to infect computers with cryptocurrency mining malware. As a result, Microsoft once again called on users to install patches that eliminate the vulnerability, which the company released back in May of this year.

“After a news of “mass exploitation” of a specific vulnerability hits mainstream media, even organizations that don’t have a formal (or any) patch management process in place usually start to smell the ashes and try to quickly apply the relevant patches. Since media coverage of the recent BlueKeep campaign was quite extensive, I wondered whether the number of vulnerable machines would start diminishing significantly as a result”, — writes Jan Kopriva, SANS researcher.

Nevertheless, as it turned out, administrators are in no hurry to follow the company’s recommendations. According to the researchers, since May the level of “patched” systems has been steadily declining.

Administrators are in no hurry to follow the Microsoft's recommendations
Administrators are in no hurry to follow the Microsoft’s recommendations

“As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn’t do much to help it”, — noted researchers.

Nevertheless, the threat of BlueKeep is still relevant, the researchers emphasize. Despite the decline in the number of unpatched machines, there are a fairly large number of vulnerable systems that can become an attractive target for attackers.

Read also: Facebook reports another data leak

Researchers note that even given the presence of hundreds of thousands of vulnerable systems, we can only hope that the worm that everyone is waiting for will not appear in the near future.

The vulnerability of BlueKeep (CVE-2019-0708) was first reported in May of this year. It does not require authorization or any interaction with the user. In other words, it is “worm-like,” so it allows malware to spread from computer to computer, just like the WannaCry malware have spread around the world in 2017.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button