Why the telecoms industry is particularly vulnerable to BlueKeep

The industry's exposure far exceeds any other, but it's not down to incompetence

The telecoms industry is considerably more vulnerable to the Windows BlueKeep exploit five months after its discovery than any other sector, according to new research.

BlueKeep is a remote code vulnerability discovered in May 2019 that affected nearly all versions of Windows and, if exploited, would give an attacker the highest possible privileges on a system.

The vulnerability was so severe that Microsoft released a security patch for it, including an out-of-band update for several versions of Windows that have gone end of life, such as Windows XP which hasn't received a security update since 2014.

Since the Department of Homeland Security and individuals in the private sector developed working exploits of the BlueKeep vulnerability, businesses have been scrambling to update their systems, but according to research from BitSight, over 800,000 systems still remain vulnerable representing just a 17% reduction in vulnerable systems since May.

The researchers said  progress has been made across all the industries included in the study, but that telecoms is far more exposed than any sector, with more than 30% of systems still vulnerable to BlueKeep compared to education, the next most at risk area, at just over 5%.

BitSight attributed the huge discrepancy to the fact that "telecommunications companies usually host end-customer systems that they cannot upgrade themselves, which may explain the higher ratio for this industry sector".

"Telecommunications and education [industries] often provide transit services and thus many of the issues affecting those industries are on systems of their customers," the research read. "Residential networks are included as part of the telecommunication industry while in education, the largest group typically represents students."

The industries most responsive when mitigating the vulnerability include the legal, insurance and financial services, all of which were the least vulnerable to BlueKeep in the first place.

The education sector experienced the most significant reduction in industry-wide vulnerability, as evidenced by the table above, but it still languishes behind nearly every other type of organisation.

It was also revealed that China is the country with the most vulnerable systems, closely followed by the US.

"China showed the highest absolute improvement by reducing the number of exposed vulnerable systems by 109,670 which represents a 23.9% decrease," read the report. "The United States followed suit by showing 26,787 fewer vulnerable systems exposed, representing a 20.3% decrease."

"However, there were a number of other countries that saw an increase in the number of exposed systems," the report added. "Most notably was South Korea showing an increase of 3,430 vulnerable exposed systems, a 14.5% increase, and Estonia with 146, a 32.2% increase."

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Data breaches increase by a third as staff continue to work from home
cyber security

Data breaches increase by a third as staff continue to work from home

17 May 2021
What is phishing?
phishing

What is phishing?

17 May 2021
Cisco to acquire threat intelligence provider Kenna Security
Acquisition

Cisco to acquire threat intelligence provider Kenna Security

14 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021