BlueKeep is still haunting thousands of enterprise systems
Millions of devices in total are vulnerable to historic security threats that have been patched
More than 240,000 machines are still affected by the infamous BlueKeep vulnerability disclosed last year, which are among millions of other systems vulnerable to severe, historic flaws that have since been patched.
The Windows 10 flaw was first disclosed more than a year and a half ago, with fears that it could potentially devastate corporate networks, passing undisturbed from terminal to terminal, if a wormable exploit was developed.
Although businesses were urged to patch their systems against the BlueKeep flaw immediately, researcher Jan Kopriva has suggested that hundreds of thousands of machines are still vulnerable to the notorious bug.
Although there has been a significant decline in the number of BlueKeep-affected machines accessible from the internet, there still appears to be 240,000 of them, Kopriva wrote.
“Given how dangerous and well known BlueKeep is, it rather begs the question of how many other, less well-known critical vulnerabilities are still left unpatched on a similar number of systems,” he added. “And since any of these might potentially come back to haunt us one day, this would seem to be a question worth asking.”
Kopriva collated the number of machines that may still be vulnerable to other infamous flaws by scanning the Shodan search engine for devices. These were all discovered before 2020, and were generally than Kopriva would have expected.
The vulnerability CVE-2019-0211, for example, an Apache HTTP server root privilege escalation flaw, still affects a staggering 3,357,835 machines. The flaw CVE-2019-12525, meanwhile, which was found in the Squid software, still affects 1,219,716 devices.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Similarly to BlueKeep, the HeartBleed OpenSSL flaw still affects 204,878 machines despite having been patched more than six years ago.
While these numbers are generally higher than Kopriva would have expected, he added that Shodan results aren’t necessarily up-to-date, or completely accurate.
He had previously, in November 2019, tried to warn businesses to patch the relevant systems immediately against the BlueKeep flaw. Shortly after the first “mass exploitation” of the vulnerability was discovered in the wild, the researcher presented data suggesting this hadn’t motivated businesses into acting any faster in patching their systems.

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
-
Amazon OpenSearch update targets performance boosts and lower costsNews Surging data volumes have prompted an overhaul of Amazon’s OpenSearch service
-
Cyber experts say they've identified the first case of ‘agentic ransomware’News While the JadePuffer ransomware has alarm bells ringing, it still needed a human in the loop
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security