SmartStateIndia
News

BluKeep and SMBGhost vulnerabilities still unpatched

BluKeep

Remember BluKeep and SMBGhost? They may be forgotten but not gone. New research from Jan Kopriva shows that unpatched vulnerabilities are a goldmine for cybercriminals. More than 245,000 systems remain vulnerable to BluKeep and over 103,000 Windows systems can still be affected by SMBGhost.

Satnam Narang, Staff Research Engineer, Tenable  comments on the urgency to apply patches to these long overdue vulnerabilities.

Tenable Satnam Narang“The findings in Jan Kopriva’s research supports a narrative that has persisted for some time: unpatched vulnerabilities are extremely valuable to cybercriminals. Some of the vulnerabilities referenced date back as far as 2014. Despite patches being available for six years, there are still hundreds of thousands of publicly accessible systems vulnerable to flaws like Heartbleed.

“With a vulnerability like BlueKeep (CVE-2019-0708), we have seen the number of vulnerable, publicly accessible systems decline over time and while that certainly helps, there are still far too many vulnerable systems out there. In fact, a recent report from FireEye found that threat actors were utilising BlueKeep as part of their reconnaissance efforts after they exploited a zero-day vulnerability to gain initial access into their target environment.

“In May 2020, the Cybersecurity and Infrastructure Security Agency (CISA) published a list of Top 10 Routinely Exploited Vulnerabilities over the last several years. The report highlights how state-sponsored threat actors don’t need to invest time or capital in developing or acquiring zero-day vulnerabilities when there are so many unpatched systems out there and readily available proof-of-concept exploit code at their disposal. Reports like these reinforce the challenge we face today when it comes to unpatched systems. We strongly urge organisations to apply patches to these long overdue vulnerabilities immediately.”

Related posts

Lacework Introduces Polygraph Data Platform

SSI Bureau

IceWarp initiates honoring Women CIOs across the industry in commemoration of Women’s Day

SSI Bureau

‘Nxtra by Airtel’ to set up two Data Centre Campuses in Maharashtra

SSI Bureau

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More