According to reports, almost 1 million devices are still vulnerable to the recently disclosed Windows BlueKeep RDP vulnerability.
The vulnerability tracked as CVE-2019-0708 is a remote code execution vulnerability impacting the Windows Remote Desktop Services (RDS).
The vulnerability is exploitable before authentication and requires no user interaction. That makes it wormable: malware that exploits it could spread across targeted networks easily.
Dubbed BlueKeep, the flaw allows an unauthenticated attacker to execute arbitrary code on a targeted system by sending a specially crafted request to Remote Desktop Services using RDP.
Successful exploitation of the vulnerability allows attackers to install programs; view, change, or delete data; and create new accounts with full user rights.
The vulnerability affects Windows 7, XP, 2003, Windows Server 2008 and 2008 R2.
Microsoft has addressed this vulnerability in the May 2019 Patch Tuesday updates.
Now Robert Graham of the security firm Errata Security has performed an internet scan for vulnerable devices and discovered nearly 923,671 potentially vulnerable devices.
The initial scan used masscan to sweep the whole internet for devices running Remote Desktop. It returned a total of 7,629,102 results, of which only half are actually remote desktops.
“Masscan only finds the open ports, but is not complex enough to check for the vulnerability. Remote Desktop is a complicated protocol. A project was posted that could connect to an address and test it, to see if it was patched or vulnerable.”
“I took that project and optimized it a bit, rdpscan, then used it to scan the results from masscan. It’s a thousand times slower, but it’s only scanning the results from masscan instead of the entire Internet.”
This means that even though the patch is out, not every user and organisation has addressed the issue, leaving them vulnerable to a potential cyberattack in the coming days.
According to various reports, threat actors and hackers have started scanning the internet for vulnerable devices to target them.
Although a few security researchers, including those at Kaspersky and Check Point, have confirmed that they successfully developed proof-of-concept exploit code for this issue, none of them has publicly disclosed it.
All users are advised to patch the vulnerability immediately to avoid a potential cyberattack on their systems and organisations.
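For administrators auditing their own address space, the sketch below is an added example (not code from Graham's scan or from rdpscan). It takes a port sweep of your own ranges and cross-references it with an asset inventory to decide which exposed RDP hosts need the May 2019 update first. The scan layout (masscan list output), the inventory field names and all sample data are assumptions constructed for illustration.

```python
import ipaddress

# Affected releases as listed in the article.
AFFECTED_OS = {"Windows XP", "Windows 7", "Windows Server 2003",
               "Windows Server 2008", "Windows Server 2008 R2"}

# Constructed sample in masscan's list output layout (assumed:
# "<state> <proto> <port> <ip> <timestamp>"); documentation-range IPs.
SAMPLE_SCAN = """\
#masscan
open tcp 3389 192.0.2.10 1559000000
open tcp 3389 192.0.2.11 1559000001
open tcp 443 192.0.2.12 1559000002
open tcp 3389 192.0.2.13 1559000003
open tcp 3389 not-an-ip 1559000004
open tcp 3389 192.0.2.14 1559000005
# end
"""
# Constructed inventory; the field names are hypothetical.
SAMPLE_INVENTORY = {
    "192.0.2.10": {"os": "Windows 7", "may2019_update": False},
    "192.0.2.11": {"os": "Windows Server 2008 R2", "may2019_update": True},
    "192.0.2.13": {"os": "Windows 10", "may2019_update": False},
}

def rdp_hosts(scan_text, port=3389):
    """Return IPs with the RDP port open, skipping comments and bad lines."""
    hosts = set()
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[:3] != ["open", "tcp", str(port)]:
            continue
        try:
            hosts.add(str(ipaddress.ip_address(fields[3])))
        except ValueError:
            continue  # malformed address field
    return sorted(hosts)

def triage(scan_text, inventory):
    """Map each RDP-exposed host to a remediation action."""
    result = {}
    for ip in rdp_hosts(scan_text):
        asset = inventory.get(ip)
        if asset is None:
            result[ip] = "investigate: not in inventory"
        elif asset["os"] in AFFECTED_OS and not asset["may2019_update"]:
            result[ip] = "patch now"
        else:
            result[ip] = "exposed, not vulnerable per inventory"
    return result
```

An open port alone says nothing about patch state, which is why the inventory join matters: hosts missing from the inventory are flagged for investigation rather than assumed safe.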