CyberTech

Security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed BlueKeep, and hackers may not be far behind.

While the vulnerability inspired some playful users to create fake proof-of-concept code intended for rickrolling, it is no joke. As Remote Desktop Services is commonly exposed to the public so that users can gain remote access to their internal computers, successful exploitation could allow access to an entire network.

Microsoft released a patch for the flaw on May 14 and described it as being "wormable" - not requiring user interaction, and allowing malware to propagate to vulnerable machines "in a similar way as the WannaCry malware spread across the globe in 2017." The severity score of the flaw is 9.8 out of 10, which makes it critical.

upnorth

Our experts have credible intelligence to support that this vulnerability could be exploited in less than a week, potentially producing the same amount of damage as we have seen in the case of self-replicating code like WannaCry and the older Conficker worm. As per our intelligence, 8.5% of machines are vulnerable to the attacks. Based on this data, we conclude the impact it could have on organizations worldwide would be devastating.

Our Research & Intelligence team, which monitors underground fora and dark market services, has observed several offers for sale of functional exploit code. One of these offers, in particular, comes from a person who had previously sold 0-day vulnerabilities on the dark market. We are already in possession of the functional exploit code and we can confirm that it works scarily reliably against vulnerable installations/services.
  • Patch as soon as possible
What you need to do if for certain reasons you are not able to patch your machines immediately:
  • Implement IP restrictions that would prevent global access towards RDP services, no matter whether LAN or WAN.
  • Enable Network Level Authentication (NLA). This puts another form of authentication in front of RDP, which makes it more difficult for intruders to log in.
  • Turn off RDP. Obviously, this would not be an option if your business cannot run without it.
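The three interim mitigations above, as an added example that is not part of upnorth's post: a PowerShell audit-and-harden script for a single Windows host. It assumes the standard Terminal Server registry values, the built-in "Remote Desktop" firewall rule group, a constructed management subnet, and a placeholder KB id that you must replace with the one from the vendor advisory.

```powershell
# Added example (not from the thread): audit and apply the interim mitigations
# for CVE-2019-0708 on a Windows host. Run from an elevated PowerShell session.
$TsKey          = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcp         = "$TsKey\WinStations\RDP-Tcp"
$PatchKb        = 'KB<placeholder>'   # placeholder: substitute the KB id from the advisory
$AllowedSources = @('10.0.0.0/8')     # constructed: replace with your management ranges

function Get-RdpPosture {
    # Collects the settings that decide whether this host is exposed:
    # RDP enabled, NLA required, and whether the fix is installed.
    $ts  = Get-ItemProperty -Path $TsKey
    $tcp = Get-ItemProperty -Path $RdpTcp
    [pscustomobject]@{
        RdpEnabled   = ($ts.fDenyTSConnections -eq 0)
        NlaRequired  = ($tcp.UserAuthentication -eq 1)
        PatchPresent = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)
    }
}

function Enable-RdpNla {
    # Mitigation: require Network Level Authentication before a session is set up.
    Set-ItemProperty -Path $RdpTcp -Name 'UserAuthentication' -Value 1 -Type DWord
}

function Restrict-RdpScope {
    # Mitigation: limit the inbound RDP firewall rules to known source ranges
    # instead of leaving the listener reachable from anywhere.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $AllowedSources
}

function Disable-Rdp {
    # Mitigation: turn Remote Desktop off entirely (only if the business can run without it).
    Set-ItemProperty -Path $TsKey -Name 'fDenyTSConnections' -Value 1 -Type DWord
}

# Audit first, then apply the reversible mitigations only on an unpatched, exposed host.
$posture = Get-RdpPosture
$posture | Format-List
if ($posture.RdpEnabled -and -not $posture.PatchPresent) {
    if (-not $posture.NlaRequired) { Enable-RdpNla }
    Restrict-RdpScope
    Write-Warning 'RDP is enabled without the patch: NLA enforced and firewall scope restricted.'
}
```

Disable-Rdp is defined but not called automatically, since turning RDP off is the option the post says may not be available; invoke it deliberately where the service is not needed.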
 


upnorth

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.
 

Spawn

"my Antivirus will keep me safe".

With their fears over stability and privacy, most stay settled with either Windows 7 or a previous Windows 10 build. I speculate that Windows users will not update their PCs.

Stability vs Privacy vs Security