BlueKeep attack discovery has done nothing to motivate businesses into patching systems

An alert on a laptop screen showing an offer to upgrade to Windows 10 for free

Businesses are generally apathetic to the Windows BlueKeep threat, even though the first "mass exploitation" of the infamous vulnerability was discovered in the wild last week.

The percentage of flawed systems has been falling more or less steadily over the last few months, according to experts. This trend has barely shifted despite widespread coverage of a cryptocurrency mining attack that was discovered by researchers recently.

BlueKeep is a 'wormable' remote code execution (RCE) vulnerability that allows attackers to gain the highest possible privileges on a Windows machine, with an attack capable of spreading across an entire network without intervention.

Warnings spread from security agencies across the world in the wake of BlueKeep's discovery, including from the National Cyber Security Centre (NCSC), but there has been a dearth of active exploits so far discovered in the wild.

Although the cryptocurrency mining attack discovered last week was described as 'amateur' and didn't include a wormable function, experts nevertheless warned that more sophisticated future attacks may now follow.

Analysis by researcher Jan Kopriva, however, shows businesses haven't been motivated to patch vulnerable systems any faster or slower than that at which they have already been updating systems.

"As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn't do much to help it," Kopriva said.

"And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn't arrive any time soon."

Kopriva scanned the Shodan search engine for systems vulnerable to BlueKeep attacks and then compared this against the number of all systems responding on port 3389. This mechanism produced an approximate percentage of unpatched systems connected to the internet, although it's far from exact.

The result was a steady decline in the proportion of vulnerable systems; a trend that has remained relatively unchanged since September, despite news spreading of the first BlueKeep attack last week.

The researcher who discovered BlueKeep, Kevin Beaumont, said in the wake of the attack's discovery that there may be swathes of systems that are simply never patched. He added that there would be global consequences if somebody were to make a wormable exploit.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.