One Million Devices Open to Wormable Microsoft BlueKeep Flaw

[silversurfer]

One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released.
 
The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this month. System administrators were urged to immediately deploy fixes as the flaw could pave the way for a similar rapidly-propogating attack on the scale of WannaCry.
 
Despite that, researchers on Tuesday warned that one million devices linked to the public internet are still vulnerable to the bug. Making matters worse, a spike in scans for vulnerable systems was spotted over the weekend – potentially indicating that bad actors are looking to sniff out the activity.

“That means when the worm hits, it’ll likely compromise those million devices,” said Robert Graham, researcher with Errata Security in a Tuesday analysis. “This will likely lead to an event as damaging as WannaCry and notPetya from 2017 – potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness.”

SOURCE: https://threatpost.com/one-million-devic...aw/145113/