BlueKeep: Patch status is too low, Windows 2000 vulnerable

The BlueKeep vulnerability CVE-2019-0708 is still unpatched in many systems, as new figures show. In addition, the US government warns of unpatched Windows 2000 systems.


The BlueKeep vulnerability CVE-2019-0708

A serious security vulnerability, CVE-2019-0708, in the Remote Desktop Services of older Windows systems (Windows XP up to Windows 7) has been known since May 2019 (see the articles listed at the end of this post). An attacker can connect to a target system over RDP using special requests, without further authentication.

All systems prior to Windows 8 are affected, although there are updates for Windows XP to Windows 7 (see Critical update for Windows XP up to Windows 7 (May 2019)). Attackers who successfully exploit this vulnerability can execute code remotely on the target system. This includes installing programs, viewing, modifying, or deleting data, and creating new accounts with full user privileges.

How to check whether a system is vulnerable to CVE-2019-0708, or whether a patch is installed, is described in the blog post How To: BlueKeep-Check for Windows. So we now have security updates, and there are ways to check whether these updates are installed. This even works within a network. But people don't patch.

Statistics: patch status insufficient

The following tweet states that 83.4% of the systems available worldwide that can be reached via the Internet and attacked via the BlueKeep vulnerability do have yet security updates.


If you go through the Twitter messages of the account concerned, you can see that the numbers have risen several times, from 57% to 72.4% and now to 83.4%. I do not know exactly how the figures are calculated. The hashtag #MDATP appears in the tweets.

This is a reference to the Microsoft Defender ATP component Threat & Vulnerability Management, available since April 2019.

Warning about unpatched Windows 2000 systems

A few days ago, Bleeping Computer pointed out in this article that the Cybersecurity and Infrastructure Security Agency (CISA) had published a warning for Windows users. Windows users are urged to patch BlueKeep, the critical RCE vulnerability in Remote Desktop Services (RDS). The agency, which is part of the US Department of Homeland Security, writes that it successfully tested remote code execution attacks on a computer running a vulnerable version of Windows 2000.

CISA tested BlueKeep against a Windows 2000 machine and achieved remote code execution. Windows OS versions prior to Windows 8 that are not mentioned in this Activity Alert may also be affected; however, CISA has not tested these systems.

I would have said Windows 2000 doesn't matter. But if CISA explicitly tests an exploit and then warns, the number of affected systems might be greater than 0.

Similar articles
A threat actor scans Windows systems for BlueKeep vulnerability
BlueKeep: Windows Remote Desktop Services vulnerability exploits status
Critical update for Windows XP up to Windows 7 (May 2019)
Nearly 1 million Windows machines with BlueKeep vulnerability
BlueKeep vulnerability: Microsoft warns about a wormable malware epidemic
BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor
How To: BlueKeep-Check for Windows
Metasploit for Windows BlueKeep vulnerability
