
Attackers Still Finding Plenty of Systems Vulnerable to Bluekeep

Silviu STAHIE

November 12, 2019

Despite the Microsoft-issued patch for BlueKeep, attackers are still exploiting the infamous vulnerability, underlining a problem with the way patches are applied in organizations and by individual users.

The SANS Institute observed exploitation of the BlueKeep vulnerability in real time for a few months. The researchers used a tool named Shodan to monitor honeypots intentionally exposed to the Internet without the BlueKeep patch installed.

BlueKeep, tracked as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service affecting Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008. The vulnerability could allow remote code execution without triggering any alarms on the targeted endpoint. The problem was so bad that Microsoft quickly issued a patch even for operating systems that were no longer officially supported.

“This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system,” said Microsoft in the initial advisory. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

An estimated 1 million computers were running exploitable operating systems when the patch was issued in May, but SANS researchers discovered that many of them remained unpatched. Simply put, Microsoft’s patch was mostly ignored by individuals and companies alike.

“As we may see, the percentage of vulnerable systems seems to be falling more or less steadily for the last couple of months and it appears that media coverage of the recent campaign didn’t do much to help it,” according to SANS researchers. “And since there still appear to be hundreds of thousands of vulnerable systems out there, we have to hope that the worm everyone expects doesn’t arrive any time soon.”

The number of systems vulnerable to BlueKeep is dropping, but not fast enough. A workaround that does not involve installing the patch is to disable the RDP feature altogether if it’s not used.
