U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

246869 Windows systems are still vulnerable to the BlueKeep flaw

In May 2019, Microsoft disclosed the BlueKeep vulnerability, more than a year later over 245,000 Windows systems still remain unpatched. Over a year ago Microsoft Patch Tuesday updates for May 2019 addressed nearly 80 vulnerabilities, including the BlueKeep flaw. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that can be exploited by […]

bluekeep

In May 2019, Microsoft disclosed the BlueKeep vulnerability, more than a year later over 245,000 Windows systems still remain unpatched.

Over a year ago Microsoft Patch Tuesday updates for May 2019 addressed nearly 80 vulnerabilities, including the BlueKeep flaw.

The issue is a remote code execution flaw in Remote Desktop Services (RDS) that can be exploited by an unauthenticated attacker by connecting to the targeted system via the RDP and sending specially crafted requests.

As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities, it could be exploited without user interaction, making it possible for malware to spread in an uncontrolled way into the target networks.

The vulnerability doesn’t affect Windows 8 and Windows 10, anyway previous versions are exposed to the risk of cyber attacks.

Microsoft also advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this vulnerability.

The issue poses a serious risk to organizations and industrial environments due to the presence of a large number of systems that could be reached via RDS.

A year and a half after the flaw was disclosed, more than 245,000 Windows systems have yet to be patched and are vulnerable to attacks.

In May 2019, just after the disclosure of the flaw, the popular expert Robert Graham has scanned the Internet for vulnerable systems and discovered more than 923,000 potentially vulnerable devices using the masscan port scanner and a modified version of rdpscan,  

Now security researcher Jan Kopriva has performed a new scan using the Shodan search engine for machines vulnerable to specific CVEs.

“To this end, I’ve put together a list of about a hundred high-impact vulnerabilities, which were discovered before 2020 and which might potentially be scanned for by Shodan. The list was mostly made up of relevant vulnerabilities from different “Top CVEs” lists[3,4] and vulnerabilities I found to be interesting in my previous searches.” wrote Kopriva. “The list was therefore far from comprehensive, but I do believe the results for the top 10 most common vulnerabilities it included are worth a look.”

CVENumber of affected systemsCVSSv3
CVE-2019-021133578357.8
CVE-2019-1252512197169.8
CVE-2015-1635374113N/A, CVSSv2 10.0
CVE-2019-139172684099.8
CVE-2019-101492646559.8
CVE-2019-07082468699.8
CVE-2014-01602048787.5
CVE-2019-9787839518.8
CVE-2019-12815804349.8
CVE-2018-6789763449.8

The number of systems still vulnerable to CVE-2019-0708 is 246869, around 25% of the 950,000 systems that were initially discovered during a first scan in May 2019.

bluekeep

Kopriva also discovered that more than 103,000 Windows systems are still vulnerable to SMBGhost.

Unfortunately, Kopriva discovered that there are still millions of internet-accessible systems affected by major remotely-exploitable flaws.

“Although, as the chart shows, there has been a significant absolute as well as relative decline in the number of BlueKeep-affected machines accessible from the internet, there still appear to be over 240 000 of them.” concludes the expert. “Given how dangerous and well known BlueKeep is, it rather begs the question of how many other, less well-known critical vulnerabilities are still left unpatched on a similar number of systems.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BlueKeep)

[adrotate banner=”5″]

[adrotate banner=”13″]