Older Windows devices at risk of classic hacks

Almost one million devices are vulnerable to BlueKeep

Almost one million older Windows devices are still vulnerable to the BlueKeep security flaw even after Microsoft released a security patch to address the vulnerability.

The vulnerability, known as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and Microsoft has already addressed it with its May 2019 Patch Tuesday update.

The BlueKeep security flaw, which has been described as wormable, can be utilized by malware to spread in a similar way to how the WannaCry ransomware did back in 2017 through the EternalBlue exploit.

By sending specially created requests via the Remote Desktop Protocol (RDP), a hacker can exploit the flaw to execute arbitrary code and take control of a user’s machine without their knowledge.

Microsoft has already released patches for Windows 7, Windows XP, Server 2008 and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA); alternatively, the threat can be mitigated by blocking TCP port 3389.
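The two mitigations above can be checked and applied per host with a short script. This is an added example, not taken from the article or from Microsoft: it assumes an elevated PowerShell session and the default Terminal Server registry locations, and the firewall rule name and the `-RequireNla` / `-BlockPort` switches are made up for illustration.

```powershell
# Added example: audit the RDP listener on this host and optionally apply the
# two mitigations named in the article. Run from an elevated prompt.
# Written to work on PowerShell 2.0 (Windows 7 / Server 2008).
param(
    [switch]$RequireNla,   # hypothetical switch: turn on Network Level Authentication
    [switch]$BlockPort     # hypothetical switch: block inbound RDP at the host firewall
)

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # A missing value reads as $null, which is reported as "not set".
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $rdp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $port = (Get-ItemProperty -Path $rdp -Name PortNumber         -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }   # default RDP port, as in the article

    New-Object PSObject -Property @{
        RdpEnabled  = ($deny -eq 0)    # 0 = remote desktop connections allowed
        NlaRequired = ($nla  -eq 1)    # 1 = NLA required before a session is created
        Port        = $port
    }
}

$state = Get-RdpExposure
$state | Format-List RdpEnabled, NlaRequired, Port

if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA: unauthenticated clients can reach the RDP service.'
}

if ($RequireNla) {
    # Weak setting: UserAuthentication = 0. Corrected setting: 1.
    Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1
}

if ($BlockPort) {
    # This also cuts off legitimate remote administration over RDP.
    netsh advfirewall firewall add rule name=Block-RDP-Inbound dir=in action=block protocol=TCP localport=$($state.Port)
}

Get-RdpExposure | Format-List RdpEnabled, NlaRequired, Port
```

A Group Policy that configures RDP authentication takes precedence over the local registry value, so confirm the final state with the second report.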

BlueKeep security flaw

Researchers have already developed proof-of-concept exploits for BlueKeep though none have been released publicly. Many expect attacks exploiting the flaw to appear any day now and to make matters worse, industrial and medical products are also at risk.

By using the Masscan port scanner and a modified version of rdpscan, Errata Security’s Robert Graham carried out an internet scan that found more than 923,000 devices which appear to be vulnerable to BlueKeep attacks.

Graham also identified more than 1.4m machines that have been patched to protect them from BlueKeep and around 1.2m devices that cannot be exploited online since they’re using NLA or the Credential Security Support Provider protocol.

If you’re unable to install the latest security patch from Microsoft to protect your devices from the BlueKeep security flaw, thankfully 0patch has released a micropatch which can be easily applied to vulnerable systems.

Via Security Week

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
