BlueKeep patching isn’t progressing fast enough

Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation?



As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations to patch the critical flaw post-haste.


The tally, released today by cybersecurity ratings company BitSight, also shows that the number of vulnerable public-facing machines fell by 17 percent between May 31st and July 2nd, after the firm’s previous estimate put their number at 972,000 at the end of May. That said, neither figure includes computers that are within networks and are hidden from view, but may still be susceptible to lateral attacks.


In addition, BitSight looked at mitigation progress in various industries. While “progress has been made across the board”, legal, non-profit/NGO and aerospace/defense organizations have been the most responsive in addressing BlueKeep. Meanwhile, the list of laggards includes the consumer goods, utilities, and technology industries. Telecom and education are deemed to be the most exposed overall.


When it comes to countries, organizations in China and the United States remain the most exposed, although both of them have also made the biggest strides in patching the flaw.


Why worry?


As discussed at greater length in one of our recent articles, the BlueKeep vulnerability resides in a Windows component known as Remote Desktop Services. The flaw, designated