Big issued an
Emergency warning to update windows for "Bluekeep RDP" Flaw
Microsoft Warned Second
Time to Update Windows for Bluekeep RDP Flaw – Exploits Already Available in
Hackers Hand
Its a second time Microsoft urged users to update the recently patched Warmable BlueKeep Remote desktop protocol vulnerability due to the seriousness of this flaw let the hackers perform WannaCry level Attack.
Microsoft already warned first on May 14 when they released a patch for a critical Remote Code Execution vulnerability, CVE-2019-0708.
We have reported about “Bluekeep vulnerability” earlier this week. Successful exploitation of this vulnerability, allows an attacker to execute arbitrary code on the windows machine and to install programs on the machine with elevated privileges.
Since the vulnerability is ‘wormable,’ that means, any future malware that exploits this vulnerability could propagate from vulnerable computer to another vulnerable computer. “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights. ”
Microsoft strongly believes that the attackers already prepared an exploit for this RDP flaw, and soon they will start similarly attacking the vulnerable systems as the WannaCry malware spread across the globe in 2017.
A recent analysis revealed that more than one million PCs on the public internet are still vulnerable to wormable, BlueKeep RDP flaw.
Robert Graham conducted an RDP scan looking for port 3389 used by Remote Desktop to find the possible vulnerable machines. He discovered that 923,671 machines are still vulnerable.
McAfee, Kaspersky, Check Point, and MalwareTech created a Proof-of-Concept (PoC) that would use the CVE-2019-0708 vulnerability that could remotely execute the code on the victim’s machine.
Many Corporate networks are vulnerable
Microsoft also believes many of the corporate networks are still vulnerable, and they are more vulnerable than individual users since there are many systems connected in a single network.
Its a second time Microsoft urged users to update the recently patched Warmable BlueKeep Remote desktop protocol vulnerability due to the seriousness of this flaw let the hackers perform WannaCry level Attack.
Microsoft already warned first on May 14 when they released a patch for a critical Remote Code Execution vulnerability, CVE-2019-0708.
We have reported about “Bluekeep vulnerability” earlier this week. Successful exploitation of this vulnerability, allows an attacker to execute arbitrary code on the windows machine and to install programs on the machine with elevated privileges.
Since the vulnerability is ‘wormable,’ that means, any future malware that exploits this vulnerability could propagate from vulnerable computer to another vulnerable computer. “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights. ”
Microsoft strongly believes that the attackers already prepared an exploit for this RDP flaw, and soon they will start similarly attacking the vulnerable systems as the WannaCry malware spread across the globe in 2017.
A recent analysis revealed that more than one million PCs on the public internet are still vulnerable to wormable, BlueKeep RDP flaw.
Robert Graham conducted an RDP scan looking for port 3389 used by Remote Desktop to find the possible vulnerable machines. He discovered that 923,671 machines are still vulnerable.
McAfee, Kaspersky, Check Point, and MalwareTech created a Proof-of-Concept (PoC) that would use the CVE-2019-0708 vulnerability that could remotely execute the code on the victim’s machine.
Many Corporate networks are vulnerable
Microsoft also believes many of the corporate networks are still vulnerable, and they are more vulnerable than individual users since there are many systems connected in a single network.
Author: Balaji by Networksecurity