Microsoft: almost 1 million PCs and Windows servers still vulnerable to BlueKeep

in microsoft •  5 years ago 

In recent weeks Microsoft has revealed a "wormable" vulnerability that could lead to a new WannaCry, spreading from one vulnerable computer to another with the ability to reach a broad user base. Although Microsoft has already released security patches for supported systems, and notably also for Windows XP and older versions of the server, many systems appear to remain vulnerable.

Simon Pope of the Microsoft Security Response Center has also published a reminder: "Microsoft is confident there is an exploit for this vulnerability," the company manager said. "Only two weeks have passed since the release of the fix and there is still no trace of a worm. However, this does not mean that we are out of trouble." In his message, Pope points out that WannaCry spread two months after the release of the patches for the EternalBlue exploit and that, despite that lengthy period of time, many systems were still vulnerable.

EternalBlue was released publicly, making it easy for potential attackers to create malware that exploited the flaw. The exploit for the new vulnerability, BlueKeep, is not yet available to the public, so malware that can exploit the flaw is less likely to be released. But it's not impossible, stresses Pope: "It's possible that we won't see the vulnerability embedded in a malware, but it's better not to bet on it."

BlueKeep is a vulnerability in Remote Desktop Services on Windows XP, Windows 7 and server versions of Microsoft's operating system such as Windows Server 2003, Windows Server 2008 R2 and Windows Server 2008. Although these are not very recent operating systems, they are still widely used worldwide, especially in some business contexts. For this reason, Microsoft strongly recommended that system administrators update all sensitive computers as quickly as possible.
