BlueKeep Remote Desktop Exploits Are Coming, Patch Now!

CyberTech

Security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed BlueKeep, and hackers may not be far behind.

While the vulnerability inspired some playful users to create fake proof-of-concept code intended for rickrolling, it is no joke. As Remote Desktop Services is commonly exposed to the public so that users can gain remote access to their internal computers, successful exploitation could allow access to an entire network.

Microsoft released a patch for the flaw on May 14 and described it as being "wormable" - not requiring user interaction, and allowing malware to propagate to vulnerable machines "in a similar way as the WannaCry malware spread across the globe in 2017." The severity score of the flaw is 9.8 out of 10, which makes it critical.


upnorth

Our experts have credible intelligence to support that this vulnerability could be exploited in less than a week, potentially producing the same amount of damage as we have seen in the case of self-replicating code like WannaCry and the older Conficker worm. As per our intelligence, 8.5% of machines are vulnerable to the attacks. Based on this data, we conclude the impact it could have on organizations worldwide would be devastating.

Our Research & Intelligence team, which monitors underground fora and dark market services, has observed several offers for sale of functional exploit code. One of these offers, in particular, comes from a person who had previously sold 0-day vulnerabilities on the dark market. We are already in possession of the functional exploit code and we can confirm that it works scarily reliably against vulnerable installations/services.
  • Patch as soon as possible.

What you need to do if for certain reasons you are not able to patch your machines immediately:
  • Implement IP restrictions that would prevent global access towards RDP services, no matter whether LAN or WAN.
  • Enable Network Level Authentication (NLA). This puts another form of authentication in front of RDP, which makes it more difficult for intruders to log in.
  • Turn off RDP. Obviously, this would not be an option if your business cannot run without it.
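As an added example (my own script, not part of upnorth's post or the vendor text it quotes), the following PowerShell audits a host against the mitigation list above and, when run with -Apply, enforces the NLA and IP-restriction steps. The allowed CIDR range, the parameter names and the assumption that the host uses the built-in "Remote Desktop" firewall rule group are mine; run it from an elevated session.

```powershell
# Added example: audit a Windows host's RDP exposure and optionally apply the
# two non-patch mitigations (NLA, IP restriction). Not from the original post.
param(
    [string[]]$AllowedRanges = @('10.0.0.0/8'),   # assumption: replace with your management subnets
    [switch]$Apply                                # audit only unless -Apply is given
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# 1. Is Remote Desktop enabled at all? fDenyTSConnections = 1 means it is off.
$rdpOff = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 1

# 2. Is Network Level Authentication required? UserAuthentication = 1 means NLA is on,
#    so a client must authenticate before a session is established.
$nlaOn  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

# 3. Which remote addresses may reach the enabled Remote Desktop firewall rules?
#    A scope of 'Any' means the service is reachable from every network.
$rules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue
$scopes = $rules | Get-NetFirewallAddressFilter | Select-Object -ExpandProperty RemoteAddress

[pscustomobject]@{
    RdpEnabled    = -not $rdpOff
    NlaRequired   = $nlaOn
    FirewallScope = ($scopes -join ', ')
    OpenToAnyHost = ($scopes -contains 'Any')
} | Format-List

if ($Apply -and -not $rdpOff) {
    # Mitigation: require NLA in front of RDP.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord

    # Mitigation: limit the RDP firewall rules to the management ranges only.
    $rules | Set-NetFirewallRule -RemoteAddress $AllowedRanges
    Write-Host "Applied NLA requirement and scoped RDP rules to $($AllowedRanges -join ', ')"
}
```

Neither step replaces the May 14 patch; an audit result of NlaRequired = False and OpenToAnyHost = True is the combination to treat as urgent.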

upnorth

The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.
Ink

"my Antivirus will keep me safe".

With their fears over stability and privacy, most stay settled with either Windows 7 or a previous Windows 10 build. I speculate that Windows users will not update their PCs.

Stability vs Privacy vs Security