One million users have been left open to attack because of a Windows flaw that could lead to a WannaCry-style ransomware attack. Security researchers describe the bug as “wormable”, leaving machines vulnerable to attack despite Microsoft issuing a recent patch.
During the company’s Patch Tuesday rollup for May, a fix was sent out for the flaw dubbed CVE-2019-0708. However, researchers claim devices remain vulnerable to the attack known as BlueKeep.
Microsoft told users to update to the fixes as soon as possible as the vulnerability could be expanded. New information shows one million devices are still open to the attack. According to security experts, attackers are already seeking ways to exploit the flaw.
“That means when the worm hits, it’ll likely compromise those million devices,” said Robert Graham, researcher with Errata Security in a Tuesday analysis, as reported by ThreatPost. “This will likely lead to an event as damaging as WannaCry and notPetya from 2017 – potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness.”
BlueKeep is a dangerous vulnerability because it can be exploited by bad actors remotely. It is located in Remote Desktop Services on older Windows legacy builds such as Windows 7, Windows XP, and Server 2003 and 2008.
“This [bug] would have the potential of a global WannaCry-level event,” said Chris Goettl, director of product management for security at Ivanti, during Patch Tuesday. “What’s more, Microsoft has released updates for Windows XP and Server 2003 (which you wouldn’t have found unless you were looking at the Windows Update Catalog). So, this affects Windows 7, Server 2008 R2, XP and Server 2003.”
While Microsoft is still attempting to resolve the vulnerabilities, software vendors and OEMs are cautioning users.