One and a half years after Microsoft revealed the BlueKeep vulnerability affecting Windows RDP, more than 245,000 Windows systems remain unpatched and vulnerable to attack.
The number represents about 25% of the 950,000 systems initially found to be vulnerable to BlueKeep attacks during a first scan in May 2019.
Likewise, more than 103,000 Windows systems remain vulnerable to SMBGhost, a vulnerability in the Server Message Block v3 (SMBv3) protocol shipped with recent versions of Windows, revealed in March 2020.
Both vulnerabilities allow intruders to take over Windows systems remotely and are considered among the most serious flaws found in Windows in recent years.
However, despite their severity, many systems have remained unpatched, according to research conducted in recent weeks by SANS ISC operator Jan Kopriva.
Kopriva says that BlueKeep and SMBGhost are not the only remotely exploitable vulnerabilities that still have a strong presence on the internet, exposing systems to attacks.
According to the Czech security researcher, there are still millions of internet-accessible systems that administrators have failed to patch and that remain vulnerable to remote takeover. These include IIS servers, Exim mail servers, OpenSSL installations and WordPress sites.
Two warnings were issued by the US National Security Agency (NSA): one in May (for the Exim CVE-2019-10149 bug exploited by Russian hackers) and a second in October (for the BlueKeep bug exploited by Chinese state hackers).
However, despite these warnings, there are still more than 268,000 Exim servers that have not been patched against the Exim bug and more than 245,000 systems still vulnerable to BlueKeep.
Kopriva says the numbers show that "even well-known vulnerabilities are sometimes not fixed for years."