One Million Devices Open to Microsoft BlueKeep Flaw


Researchers have discovered one million internet connected devices that are vulnerable to a Microsoft flaw, which could open the door to a cyberattack.

The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this month. System administrators were urged to immediately deploy fixes as the flaw could pave the way for a similar attack on the scale of WannaCry.

Making matters worse, a spike in scans for vulnerable systems was spotted over the weekend – potentially indicating that bad actors are looking to sniff out the activity.

The critical remote code-execution flaw exists in Remote Desktop Services and impacts older version of Windows, including Windows 7, Windows XP, Server 2003 and Server 2008 (Microsoft deployed patches to Windows XP and Windows 2003 for the bug during Patch Tuesday, neither of which is still supported via monthly Patch Tuesday updates).

While Microsoft urged administrators to update impacted Windows systems as soon as possible, researchers said as recently as Tuesday that one million devices remain vulnerable to BlueKeep.

Additionally, several impacted devices include Siemens medical devices. Those include radiation oncology products, laboratory diagnostics products, Radiography and Mobile X-ray products and point of care diagnostics products.

“Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to cyber threats." - Siemens

Critical Path Security highly recommends all customers and strategic partners to apply patches as soon as possible.  Finally, if devices with Remote Desktop Services enabled are connected directly to the Internet, consider if that is a business requirement. If not, remove the configuration and reduce the attack surface.

Leave a Reply