IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Why the telecoms industry is particularly vulnerable to BlueKeep

The industry's exposure far exceeds any other, but it's not down to incompetence

The telecoms industry is considerably more vulnerable to the Windows BlueKeep exploit five months after its discovery than any other sector, according to new research.

BlueKeep is a remote code vulnerability discovered in May 2019 that affected nearly all versions of Windows and, if exploited, would give an attacker the highest possible privileges on a system.

The vulnerability was so severe that Microsoft released a security patch for it, including an out-of-band update for several versions of Windows that have gone end of life, such as Windows XP which hasn't received a security update since 2014.

Since the Department of Homeland Security and individuals in the private sector developed working exploits of the BlueKeep vulnerability, businesses have been scrambling to update their systems, but according to research from BitSight, over 800,000 systems still remain vulnerable representing just a 17% reduction in vulnerable systems since May.

The researchers said  progress has been made across all the industries included in the study, but that telecoms is far more exposed than any sector, with more than 30% of systems still vulnerable to BlueKeep compared to education, the next most at risk area, at just over 5%.

BitSight attributed the huge discrepancy to the fact that "telecommunications companies usually host end-customer systems that they cannot upgrade themselves, which may explain the higher ratio for this industry sector".

"Telecommunications and education [industries] often provide transit services and thus many of the issues affecting those industries are on systems of their customers," the research read. "Residential networks are included as part of the telecommunication industry while in education, the largest group typically represents students."

The industries most responsive when mitigating the vulnerability include the legal, insurance and financial services, all of which were the least vulnerable to BlueKeep in the first place.

The education sector experienced the most significant reduction in industry-wide vulnerability, as evidenced by the table above, but it still languishes behind nearly every other type of organisation.

It was also revealed that China is the country with the most vulnerable systems, closely followed by the US.

"China showed the highest absolute improvement by reducing the number of exposed vulnerable systems by 109,670 which represents a 23.9% decrease," read the report. "The United States followed suit by showing 26,787 fewer vulnerable systems exposed, representing a 20.3% decrease."

"However, there were a number of other countries that saw an increase in the number of exposed systems," the report added. "Most notably was South Korea showing an increase of 3,430 vulnerable exposed systems, a 14.5% increase, and Estonia with 146, a 32.2% increase."

Featured Resources

Three ways manual coding is killing your business productivity

...and how you can fix it

Free Download

Goodbye broadcasts, hello conversations

Drive conversations across the funnel with the WhatsApp Business Platform

Free Download

Winning with multi-cloud

How to drive a competitive advantage and overcome data integration challenges

Free Download

Talking to a business should feel like messaging a friend

Managing customer conversations at scale with the WhatsApp Business Platform

Free Download

Most Popular

How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
BT and Cisco partner to help businesses responsibly dispose of unwanted IT equipment
sustainability

BT and Cisco partner to help businesses responsibly dispose of unwanted IT equipment

5 Oct 2022