One Million Devices Open to Wormable Microsoft BlueKeep Flaw
A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code.
The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on Windows operating systems older than Windows 8. Microsoft patched the flaw earlier this month and urged companies to urgently install the security fix, but many people have evidently ignored this advice. Since Saturday, security researchers have detected scanning activity for devices vulnerable to BlueKeep, which could mean an attack will be launched soon. Robert Graham of Errata Security warns that “when the worm hits, it’ll likely compromise those million devices.”