Last month Microsoft announced that it had discovered a vulnerability in remote desktop services that…
It showed research, conducted by Errata Security specialists.
CVE-2019-0708 affects Windows 2003, XP, Windows 7, Windows Server 2008 and 2008 R2 and allows unauthorized attackers executing random code and intercept control over device by sending specially formed inquiries to Remote Desktop Service, while cooperation with user will be not necessary.
This vulnerability is quite dangerous as can open opportunity for a wide-scale cyberattacks.
Results of scanning show that by far not all users and organizations installed a patch, putting themselves under risk.
“We find nearly 1-million devices on the public Internet that are vulnerable to the bug. That means when the worm hits, it’ll likely compromise those million devices. This will likely lead to an event as damaging as WannaCry and notPetya from 2017 — potentially worse, as hackers have since honed their skills exploiting these things for ransomware and other nastiness”, — reported Errata Security specialists.
Earlier several Internet-security researchers reported about creation of PoC-codes for exploitation of vulnerability, however, did not publish them due to security considerations.
Nevertheless, GreyNoise specialists fixed first attempts of scanning Internet for sensitive to BlueKeep devices.
“GreyNoise is observing sweeping tests for systems vulnerable to the RDP “BlueKeep” (CVE-2019-0708) vulnerability from several dozen hosts around the Internet. This activity has been observed from exclusively Tor exit nodes and is likely being executed by a single actor”, — reported GreyNoise researchers.
Here are two things you should do to guard yourself. The first is to apply Microsoft’s patches, including old Windows XP, Windows Vista, and Windows 7 desktops and servers.
More importantly, for large organizations, is to fix their psexec problem that allows such things to spread via normal user networking.
Source: https://blog.erratasec.com
Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…
Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…
Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…
Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…
Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…
Helistym.xyz is a site that tries to force you into clik to its browser notifications…
View Comments