Microsoft believes that there could be many more BlueKeep attacks which will be significantly more destructive than those reported so far.
This comes after the first instances of BlueKeep being used in the wild to execute a malware campaign was recently detected.
This initial wave of BlueKeep attacks saw malicious parties deploying crypto-mining payloads on devices running vulnerable versions of Windows.
However, Microsoft envisions that there are many worse attacks still to come.
“While there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners,” Microsoft said in a blog post.
The company urged those with vulnerable systems to update immediately or risk being exploited by other BlueKeep attacks.
“The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check. Customers are encouraged to identify and update vulnerable systems immediately.”
Microsoft added that because BlueKeep can be exploited without leaving an obvious trace, customers should inspect their systems thoroughly to ensure that their devices are not already infected or compromised by BlueKeep.
Operating systems that are susceptible to the vulnerability include Windows Server 2003, Windows XP, Windows Vista, and Windows 7, as well as Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.
Errata Security reported in May 2019 there were almost 1 million computers susceptible to the BlueKeep exploit.