BlueKeep still can attack about one million of computers

Despite that Microsoft released a patch for vulnerability for remote code execution CVE-2019-0708, also known as BlueKeep, about two weeks ago, more than 963 thousands of computers are still under a threat of attacks.

It showed research, conducted by Errata Security specialists.

CVE-2019-0708 affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 and allows unauthorized attackers executing random code and intercept control over device by sending specially formed inquiries to Remote Desktop Service, while cooperation with user will be not necessary.

This vulnerability is quite dangerous as can open opportunity for a wide-scale cyberattacks.

Results of scanning show that by far not all users and organizations installed a patch, putting themselves under risk.

“We find nearly 1-million devices on the public Internet that are vulnerable to the bug. That means when the worm hits, it’ll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry and notPetya from 2017 — potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness”, — reported Errata Security specialists.

Earlier several Internet-security researchers reported about creation of PoC-codes for exploitation of vulnerability, however, did not publish them due to security considerations.

Nevertheless, GreyNoise specialists fixed first attempts of scanning Internet for sensitive to BlueKeep devices.

“GreyNoise is observing sweeping tests for systems vulnerable to the RDP “BlueKeep” (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. This activity has been observed from exclusively Tor exit nodes and is likely being executed by a single actor”, — reported GreyNoise researchers.

Source: https://blog.erratasec.com