A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable systems. Around 105,170 of the vulnerable machines are located in the US.
The number of vulnerable systems is currently dropping at a rate of around 5,225 systems per day as companies install patches or make changes to their configuration settings.
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued warnings about BlueKeep. Microsoft released a patch for the flaw on May 14, and issued a second alert about it a month later after the first BitSight scan. BlueKeep is a very dangerous flaw because it could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code, just like the 2017 global WannaCry outbreak.
Read more: 800K Systems Still Vulnerable to BlueKeep
