Microsoft's security team believes BlueKeep's most destructive attacks are coming and encourages users and companies to install updates if they haven't done so yet.
The company's warning came when security investigators discovered the first malware campaign using BlueKeep's vulnerability.
The attacks, which were discovered last weekend, were using BlueKeep to break into Windows systems that had not been updated and to install a cryptocurrency miner.
Many security researchers have underestimated the attacks and have not considered the campaign BlueKeep has been using for the past six months as a campaign that could lead to major disasters.
This is because although Microsoft announced that BlueKeep could be used to build worm (self-spreading) malware, the weekend attacks did not indicate malware that could spread itself.
The attackers scanned the internet for vulnerable systems and attacks were carried out on each system that was not updated, one at a time, using a BlueKeep exploit, and then installed a cryptocurrency miner.
This, of course, is not similar to the catastrophic outbreak that Microsoft reported could cause BlueKeep. In addition, in many cases the BlueKeep exploit failed to work, but it destroyed the systems.
But Microsoft continues to say that this is only the beginning, and that the attackers will perfect their attacks. The company says the worst is coming.
"While there have been no other confirmed ransomware or other malware attacks so far, the BlueKeep exploit will probably be used to deliver malware more harmful than miners", said today Microsoft.
So Microsoft is encouraging users (for the third time this year) to install the updates they release immediately.