IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

BlueKeep attack discovery has done nothing to motivate businesses into patching systems

Thousands of vulnerable systems remain unpatched with news of the first attack barely changing trends

Businesses are generally apathetic to the Windows BlueKeep threat, even though the first "mass exploitation" of the infamous vulnerability was discovered in the wild last week.

The percentage of flawed systems has been falling more or less steadily over the last few months, according to experts. This trend has barely shifted despite widespread coverage of a cryptocurrency mining attack that was discovered by researchers recently.

BlueKeep is a 'wormable' remote code execution (RCE) vulnerability that allows attackers to gain the highest possible privileges on a Windows machine, with an attack capable of spreading across an entire network without intervention.

Warnings spread from security agencies across the world in the wake of BlueKeep's discovery, including from the National Cyber Security Centre (NCSC), but there has been a dearth of active exploits so far discovered in the wild.

Although the cryptocurrency mining attack discovered last week was described as 'amateur' and didn't include a wormable function, experts nevertheless warned that more sophisticated future attacks may now follow.

Analysis by researcher Jan Kopriva, however, shows businesses haven't been motivated to patch vulnerable systems any faster or slower than that at which they have already been updating systems.

"As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn't do much to help it," Kopriva said.

"And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn't arrive any time soon."

Kopriva scanned the Shodan search engine for systems vulnerable to BlueKeep attacks and then compared this against the number of all systems responding on port 3389. This mechanism produced an approximate percentage of unpatched systems connected to the internet, although it's far from exact.

The result was a steady decline in the proportion of vulnerable systems; a trend that has remained relatively unchanged since September, despite news spreading of the first BlueKeep attack last week.

The researcher who discovered BlueKeep, Kevin Beaumont, said in the wake of the attack's discovery that there may be swathes of systems that are simply never patched. He added that there would be global consequences if somebody were to make a wormable exploit.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download


Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022