Every few years there is a software vulnerability that has the potential for significant, widespread harm around the world.
Just over two years ago to the day on 14 May 2017, there was WannaCry - a form of ransomware that exploited a critical vulnerability in Microsoft operating systems.
The WannaCry virus spread rapidly across the world, disrupting the National Health Service in the United Kingdom and crippling automotive and telecommunications companies in Europe.
Impacts to the global economy may never be fully understood, but estimates suggest hundreds of millions of dollars in lost revenue and repair bills.
Today the BlueKeep vulnerability is readily available to cyber criminals who seek to exploit vulnerable systems en masse. These criminal groups are not necessarily targeting unsuspecting users; they’re simply sweeping the landscape for vulnerable, outdated systems that are easily penetrable.
A Remote Desktop Protocol (RDP) service left unpatched is likely exposed and potentially exploitable, with BlueKeep applying to both external and internal facing RDP, enabling actors to move laterally across a network.
Criminal groups can also utilise this vulnerability to conduct denial of services attacks on unprotected systems.