Attackers Still Finding Plenty of Systems Vulnerable to BlueKeep
Despite the Microsoft-issued patch for BlueKeep, attackers are still exploiting the infamous vulnerability, underlining a problem with the way patches are applied in organizations and by individual users.
The SANS Institute observed exploitation of the BlueKeep vulnerability in real time for a few months. The researchers use a tool named Shodan to monitor honeypots intentionally exposed to the Internet without the BlueKeep patch installed.
BlueKeep, tracked as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service affecting Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008. The vulnerability could allow remote code execution without triggering any alarms on the targeted endpoint. The problem was so bad that Microsoft quickly issued a patch even for operating systems that were no longer officially supported.
“This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system,” said Microsoft in the initial advisory. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
An estimated 1 million computers were running exploitable operating systems when the patch was issued in May, but SANS researchers discovered that many of them remained unpatched. Simply put, Microsoft’s patch was mostly ignored by individuals and companies alike.
“As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn’t do much to help it,” according to SANS researchers. “And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn’t arrive any time soon.”
The number of systems vulnerable to BlueKeep is dropping, but not fast enough. For systems where the patch is not installed, the workaround is to disable the RDP feature altogether if it’s not used.