One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released. The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this month (discussed in the May 14 Security and Resilience Update). System administrators were urged to immediately deploy fixes as the flaw could pave the way for a similar rapidly-propagating attack on the scale of WannaCry. Despite that, researchers warned that one million devices linked to the public internet are still vulnerable to the bug. Making matters worse, a spike in scans for vulnerable systems was spotted over the past weekend – potentially indicating that bad actors are looking to sniff out the activity. The critical remote code-execution flaw exists in Remote Desktop Services and impacts older version of Windows, including Windows 7, Windows XP, Server 2003 and Server 2008. Read the article at Threatpost.