Well-known vulnerabilities have gone unpatched for years: how many hidden dangers still exist in Windows systems?

In May 2019, Microsoft first disclosed the BlueKeep vulnerability affecting the Windows RDP service. Now, a year and a half later, more than 245,000 Windows systems remain unpatched and exposed to attack; this is about 25% of the 950,000 BlueKeep-vulnerable systems found in the first scan.

[Image: chart of BlueKeep-vulnerable systems over time. Image source: ZDNet]

At the same time, more than 103,000 Windows systems are still vulnerable to SMBGhost, a vulnerability in the Server Message Block v3 (SMBv3) protocol in the latest versions of Windows that was disclosed in March 2020. Both vulnerabilities allow attackers to take over Windows systems remotely and are considered among the most serious Windows vulnerabilities disclosed in the past few years.

However, according to research compiled over the past few weeks by Jan Kopriva, handler at the SANS Internet Storm Center (ISC), many systems remain unpatched despite the severity of these vulnerabilities.

Kopriva said that BlueKeep and SMBGhost are not the only major remotely exploitable vulnerabilities exposing systems on the Internet to attack. Security researchers pointed out that millions of Internet-accessible systems have still not been patched by their administrators and can therefore easily be taken over remotely. These include IIS servers, Exim mail servers, OpenSSL clients and WordPress sites.

At present, the reasons these systems have not been patched for the relevant vulnerabilities remain unknown. The data shows more than 268,000 Exim servers still unpatched against Exim vulnerabilities, and more than 245,000 devices still unpatched against BlueKeep.

Kopriva said that these figures show that even very well-known vulnerabilities can sometimes remain unpatched for several years. Given the danger and notoriety of BlueKeep, he also raised the question: on that same population of systems, how many other, less well-known critical vulnerabilities remain unpatched?

Source: www.oschina.net/news/120980/windows-systems-bluekeep-rdp-bug