Windows: the BlueKeep flaw exploited by hackers

More fear than harm, since it is not a worm, but the BlueKeep flaw allowed hackers to infect thousands of PCs and use them to mine cryptocurrencies. Month after month, the number of vulnerable computers decreases.

Last May, Microsoft released a major patch for its older systems, Windows XP to Windows 7, and Windows Server 2003 and 2008. This was a very rare event, especially for Windows XP, which no longer receives updates. The patch was intended to fix a flaw called BlueKeep, which researchers said exposed millions of devices to a potential computer worm, a virus capable of spreading automatically from one vulnerable machine to another.

Researchers rated the danger of such a virus at the same level as WannaCry, which had infected more than 200,000 machines, and urged the administrators concerned to update their systems or risk a disaster. Several demonstrations have shown that it takes only 22 seconds to take control of an unpatched computer.

BlueKeep exploited for cryptomining

Nearly six months later, the first malware to exploit the flaw on a mass scale surfaced, without triggering the announced apocalypse. It is not a worm, as researchers had feared, but a banal cryptojacking campaign: a virus that uses the power of the victim's computer to mine cryptocurrencies. Unlike a worm, which spreads automatically from one infected machine to another, the attack is launched directly by the hacker, who scanned the Internet to identify vulnerable machines.

The absence of a worm at this stage indicates that developing one is probably not considered profitable by hacker groups. The number of vulnerable machines has decreased, although there are still some 735,000 connected to the Internet. Every passing month sees a drop in the number of computers without the fix, and the risk of a mass infection is becoming more and more remote.