A few months ago, a new vulnerability named “BlueKeep” was reported to Microsoft. This vulnerability could affect 805,000 internet-facing systems that are running older versions of Microsoft Windows such as Windows XP, 7, Server 2003, and Server 2008. This loophole does not affect the newer version such as Windows 8 and 10.
The BlueKeep vulnerability was revealed in May 2019, and right after that, Microsoft took action upon it. After Microsoft released the patch, the number of systems that were likely to be affected dropped by 17%.
About Bluekeep Vulnerability
This vulnerability affects the RDP services in older versions of Microsoft Windows. The RDP services themselves are not vulnerable, but the flaw is present in older versions of Windows (XP, 7, Server 2003 and 2008).
The vulnerability is so dangerous that it can take control of your whole system if your system got infected with it, a hacker can access your system via a Backdoor. By getting Remote access to windows RDP, a hacker can quickly delete your data and install new malware on your system by which a hacker can get access to every corner of your system.
Moreover, it can spread from one system to another just like Wannacry malware, that is why this vulnerability is said to be “wormable,” which means it can spread from network to network just like any other dangerous malware.
Action by Microsoft
When Microsoft got to know about this massive vulnerability in their older versions of Windows, they readily took action upon it, and they released a patch for this flaw on the 14th of May, 2019.
After the release of the patch 854 systems that were vulnerable to this flaw are being fixed daily.
Simon Pope in the Designated Report (CVE-2019-0708) said:
Microsoft Urging it’s Users
After the release of the patch on the 14th of May 2019, Microsoft is now urging its users and admins to install the patch on their systems so that they do not have to worry further about this flaw.
As until the 2nd of July, 2019, the number of vulnerable systems is steadily decreasing by 17% as compared to the 31st of May, but still, a large number of systems are exposed to this vulnerability, it is likely to happen that hackers will code an exploit for this vulnerability to harm the unaware people who have not yet installed the patch.
As Microsoft is trying to urge its users to install the update for older versions, a lot of unaware people are still at risk, and they can fall prey to this vulnerability easily without any interaction because this vulnerability does not need any interaction from the victim’s side.
Hence, patching your system by installing the update is the only way around.
Link to Offical Report on BlueKeep by Microsoft: CVE-2019-0708