Why the telecoms industry is particularly vulnerable to BlueKeep

A hand at a computer keyboard with a digital padlock above
(Image credit: Shutterstock)

The telecoms industry is considerably more vulnerable to the Windows BlueKeep exploit five months after its discovery than any other sector, according to new research.

BlueKeep is a remote code vulnerability discovered in May 2019 that affected nearly all versions of Windows and, if exploited, would give an attacker the highest possible privileges on a system.

The vulnerability was so severe that Microsoft released a security patch for it, including an out-of-band update for several versions of Windows that have gone end of life, such as Windows XP which hasn't received a security update since 2014.

Since the Department of Homeland Security and individuals in the private sector developed working exploits of the BlueKeep vulnerability, businesses have been scrambling to update their systems, but according to research from BitSight, over 800,000 systems still remain vulnerable representing just a 17% reduction in vulnerable systems since May.

The researchers said progress has been made across all the industries included in the study, but that telecoms is far more exposed than any sector, with more than 30% of systems still vulnerable to BlueKeep compared to education, the next most at risk area, at just over 5%.

BitSight attributed the huge discrepancy to the fact that "telecommunications companies usually host end-customer systems that they cannot upgrade themselves, which may explain the higher ratio for this industry sector".

"Telecommunications and education [industries] often provide transit services and thus many of the issues affecting those industries are on systems of their customers," the research read. "Residential networks are included as part of the telecommunication industry while in education, the largest group typically represents students."

The industries most responsive when mitigating the vulnerability include the legal, insurance and financial services, all of which were the least vulnerable to BlueKeep in the first place.

The education sector experienced the most significant reduction in industry-wide vulnerability, as evidenced by the table above, but it still languishes behind nearly every other type of organisation.

It was also revealed that China is the country with the most vulnerable systems, closely followed by the US.

"China showed the highest absolute improvement by reducing the number of exposed vulnerable systems by 109,670 which represents a 23.9% decrease," read the report. "The United States followed suit by showing 26,787 fewer vulnerable systems exposed, representing a 20.3% decrease."

"However, there were a number of other countries that saw an increase in the number of exposed systems," the report added. "Most notably was South Korea showing an increase of 3,430 vulnerable exposed systems, a 14.5% increase, and Estonia with 146, a 32.2% increase."

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.