Microsoft Still Urging Users to Patch Against BlueKeep Attacks
BlueKeep Attacks Still Going Strong
Microsoft is urging its customers (once again!) to patch their Windows systems following the report of widespread attacks based on the BlueKeep vulnerability.
The BlueKeep vulnerability (CVE-2019-0708) affects Windows Remote Desktop Services and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Prototol (RDP) requests. Microsoft released patches for the vulnerability, including for unsupported versions of Windows, back in May.
Last week, it was reported that multiple honeypots, provided by researcher Kevin Beaumont, started crashing and rebooting since late October. It was then realized that the BlueKeep ‘Metasploit’ module was weaponized to deliver a Monero cryptocurrency miner.
BlueKeep Causing Crashes in the Wild
Recent in-the-wild attacks aren’t just affecting unpatched machines. It turns out the exploits, which repurpose the September release from the ‘Metasploit’ framework, are also causing many patched machines to crash as a result of a separate patch Microsoft released 20 months ago for the Meltdown vulnerability in Intel CPUs.
These crashes have also caused many to discount the potential severity of the BlueKeep vulnerability; however, Microsoft urges otherwise.
“Security signals and forensic analysis show that the BlueKeep Metasploit module caused crashed in some cases, but we cannot discount enhancements that will likely result in more effective attacks,” stated Microsoft. “In addition, while there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.”
Marcus Hutchins, aka MalwareTech, the British researcher who helped Microsoft and Beaumont analyze the BlueKeep attacks, pointed out that attackers do not need to create a worm to launch profitable attacks and users should not ignore the threat just because a worm has not yet been created.
Microsoft’s Advice to Users
Microsoft repeated their previous advice since the BlueKeep exploit was made public: patch your systems immediately.
There are still roughly 700,000 systems that appear to be vulnerable (Windows 7, Windows Server 2008 R2, and Windows Server 2008) to BlueKeep attacks and even with news of the first wave of attacks in the wild in the last month, it still doesn’t appear to have had any positive impact on patching efforts.
How to Prevent BlueKeep Attacks
Syxsense Manage and Syxsense Secure can easily resolve the vulnerability across the entire environment with a Patch Deploy Task. Simply target all devices for the BlueKeep updates (provided by Syxsense) at a time that’s best for the organization, and rest assured the vulnerability will be remediated within no time.
Experience the Power of Syxsense
Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.