That leaves a broad potential attack surface for someone who exploits the vulnerability. BlueKeep is “wormable,” meaning the malware could infect systems as it finds its own ways to move from network to network.
The good news is that, since the end of May, the number of systems that are vulnerable to BlueKeep is down 17 percent, according to BitSight. Additionally, at least 854 systems vulnerable to BlueKeep are being patched per day.
“We are really trying to encourage organizations to take action and to address their externally exposed systems,” Dan Dahlberg, BitSight’s director of security research, told CyberScoop.