According to figures in a recent report by cyber security firm CyberMDX, 45% of all networked Windows devices in a typical hospital in the US are vulnerable to the Remote Code Execution flaw known as BlueKeep, because they haven’t been updated or patched.
Obsolete software and unpatched devices put networks at risk of being vulnerable to attack. Connected medical devices can include x-ray and ultrasound equipment and monitors.
We first reported on the BlueKeep exploit (CVE-2019-0708), that affects some older versions of Windows, in May 2019 after alerting Microsoft to the threat. Microsoft issued a critical security fix and the NCSC always recommends that organisations and individuals apply updates.
Microsoft security patches for CVE-2019-0708.