How to Fix: Patch BlueKeep Worm (XP, Vista, 7, Server 2008)

John Lister's picture

If you're still on Windows 7 or earlier, you need to make sure you have a recent security patch installed as soon as possible. It fixes a very serious operating system exploit, dubbed "BlueKeep". Note that a firewall and antivirus will not block operating system exploits, which is why using an unsupported operating system is incredibly dangerous.

The bug is in the way that Remote Desktop Protocol (RDP) works. Remote Desktop Protocol lets somebody on one computer see and control another computer in another location. It has some extremely useful applications such as working away from an office or offering remote tech support.

The feature is naturally designed to be extremely secure as a hacker being able to get remote access and control to a computer is one of the biggest risks. That's exactly what's happened with the BlueKeep bug, spotted by the United Kingdom's Cybersecurity Center.

Bug Can Be Exploited Immediately

The bug doesn't require any action on the part of the user, such as opening a dubious email attachment or clicking on the wrong link. Instead, hackers can trigger it just be sending a specially crafted packet request to a computer. This isn't just a theory: it's already happening. (Source:

The risks are so severe that Microsoft not only issued patches for Windows 7 and Vista, but even a patch for XP. That's incredibly rare these days as Microsoft has long since stopped issued patches for XP, partly to avoid creating a false sense of security among people who still run it.

Nearly a Million PCs Unpatched

Although the patch started rolling out in the middle of May, not everyone has got it in place yet.

One security researcher 'robertdavidgraham' has created a tool called 'rdpscan.exe' (available via .ZIP file) to scan the Internet for machines vulnerable to attacks exploiting the bug. At the time of writing, he found more than 900,000 computers without the patch in place. (Source:

Advanced Users ONLY: Download 'RDPScan.exe' Here

If you are an advanced user and understand networking and how to use an administrative command prompt, you can use the rdpscan.exe utility (available in .ZIP format) provided by robertdavidgraham via his GitHub webpage. You may refer to the full command line syntax via the "Primary Use" header on his GitHub page.

Please do not ask in the comments on how to use the rdpscan.exe as these requests will be ignored.

If you are not an advanced user, please patch your system using the instruction below.

Download the BlueKeep Windows Patch Here

Currently the BlueKeep patch is available for Windows XP, Vista, 7, and Windows Server 2008 / R2.

Windows 8, 8.1, and 10 users do not need the patch.

For Windows 7 and Windows Server 2008 / R2 users: you have two choices when it comes to patching the system. You either download the 'monthly rollup' or the 'security only' update. Either is fine, though the 'security only' update is smaller compared to the 'monthly rollup' (80mb vs 300mb, approximately). Both options are available here. If you are running Windows 7 now and you have Windows Update set to automatic, you likely already have the patch installed.

If you are running Windows XP or Vista, download the BlueKeep patches here.

What's Your Opinion?

Do you run Windows 7 or earlier? Do you make sure all updates are in place, either automatically or manually? Is Microsoft right to patch XP in this case even though it's no longer supported?

Rate this article: 
Average: 4.4 (8 votes)


buzzallnight's picture

Does this attack work even if you have Remote Desktop Protocol turned off?

Do you run Windows 7 or earlier? yes

Do you make sure all updates are in place, either automatically or manually?
security only if they actually work automatically.

Is Microsoft right to patch XP in this case even though it's no longer supported?

yes M$ should support everything back to DOS!!!!!!!!!!!!!!