Microsoft issues a warning about BlueKeep vulnerability

There have been reports recently that there are still millions of PCs exposed on the public network that are vulnerable to BlueKeep vulnerability. This vulnerability exists in the Windows XP/7 and Server 2003/2008 and other operating systems in the Remote Desktop Protocol (RDP), has led to many people’s concerns.

There is now a public DOS POC for CVE-2019-0708 (BlueKeep) I just tested it myself here: pic.twitter.com/M5724z5sno

— Chase Dardaman (@CharlesDardaman) May 31, 2019

Simon Pope, director of incident response at Microsoft Security Response Center thinks that an attack that exploited the vulnerability would occur and called on IT administrators to take immediate action.

“It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.

It’s been only two weeks since the fix was released and there has been no sign of a worm yet. This does not mean that we’re out of the woods. If we look at the events leading up to the start of the WannaCry attacks, they serve to inform the risks of not applying fixes for this vulnerability in a timely manner.”

It is reported that security vendors Zerodium, McAfee, Kaspersky, Check Point, MalwareTech, and Valthek have developed a BlueKeep-based proof of concept vulnerability. Although they have not released details to the outside world, GitHub has been uploaded a lot of code samples, which makes it very likely to be used by bad guys.

https://twitter.com/MalwareTechBlog/status/1134143172815142912

Via: bankinfosecurity