BlueKeep can still attack about one million computers

Although Microsoft released a patch for the remote code execution vulnerability CVE-2019-0708, also known as BlueKeep, about two weeks ago, more than 963 thousand computers are still at risk of attack.

This is shown by research conducted by Errata Security specialists.

CVE-2019-0708 affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2. It allows unauthenticated attackers to execute arbitrary code and take control of a device by sending specially crafted requests to Remote Desktop Services, with no user interaction required.

This vulnerability is quite dangerous because it opens the door to wide-scale cyberattacks.

The scan results show that far from all users and organizations have installed the patch, leaving themselves at risk.

“We find nearly 1-million devices on the public Internet that are vulnerable to the bug. That means when the worm hits, it’ll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry and notPetya from 2017 — potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness,” reported Errata Security specialists.

Earlier, several Internet security researchers reported that they had created PoC code to exploit the vulnerability, but did not publish it for security reasons.

Nevertheless, GreyNoise specialists recorded the first attempts to scan the Internet for devices vulnerable to BlueKeep.

“GreyNoise is observing sweeping tests for systems vulnerable to the RDP ‘BlueKeep’ (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. This activity has been observed from exclusively Tor exit nodes and is likely being executed by a single actor,” reported GreyNoise researchers.

Recommendations from Errata Security:

Here are two things you should do to guard yourself. The first is to apply Microsoft’s patches, including old Windows XP, Windows Vista, and Windows 7 desktops and servers.

More importantly, for large organizations, is to fix their psexec problem that allows such things to spread via normal user networking.

Source: https://blog.erratasec.com

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
