Skip to main content
Tag

BlueKeep

|||||

Microsoft Still Urging Users to Patch Against BlueKeep Attacks

By News, Patch ManagementNo Comments

Microsoft Still Urging Users to Patch Against BlueKeep Attacks

Microsoft is urging its customers to patch their Windows systems following the report of widespread attacks based on the BlueKeep vulnerability.

BlueKeep Attacks Still Going Strong

Microsoft is urging its customers (once again!) to patch their Windows systems following the report of widespread attacks based on the BlueKeep vulnerability.

The BlueKeep vulnerability (CVE-2019-0708) affects Windows Remote Desktop Services and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Prototol (RDP) requests. Microsoft released patches for the vulnerability, including for unsupported versions of Windows, back in May.

Last week, it was reported that multiple honeypots, provided by researcher Kevin Beaumont, started crashing and rebooting since late October. It was then realized that the BlueKeep ‘Metasploit’ module was weaponized to deliver a Monero cryptocurrency miner.

BlueKeep Causing Crashes in the Wild

Recent in-the-wild attacks aren’t just affecting unpatched machines. It turns out the exploits, which repurpose the September release from the ‘Metasploit’ framework, are also causing many patched machines to crash as a result of a separate patch Microsoft released 20 months ago for the Meltdown vulnerability in Intel CPUs.

These crashes have also caused many to discount the potential severity of the BlueKeep vulnerability; however, Microsoft urges otherwise.

“Security signals and forensic analysis show that the BlueKeep Metasploit module caused crashed in some cases, but we cannot discount enhancements that will likely result in more effective attacks,” stated Microsoft. “In addition, while there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.”

Marcus Hutchins, aka MalwareTech, the British researcher who helped Microsoft and Beaumont analyze the BlueKeep attacks, pointed out that attackers do not need to create a worm to launch profitable attacks and users should not ignore the threat just because a worm has not yet been created.

Microsoft’s Advice to Users

Microsoft repeated their previous advice since the BlueKeep exploit was made public: patch your systems immediately.

There are still roughly 700,000 systems that appear to be vulnerable (Windows 7, Windows Server 2008 R2, and Windows Server 2008) to BlueKeep attacks and even with news of the first wave of attacks in the wild in the last month, it still doesn’t appear to have had any positive impact on patching efforts.

How to Prevent BlueKeep Attacks

Syxsense Manage and Syxsense Secure can easily resolve the vulnerability across the entire environment with a Patch Deploy Task. Simply target all devices for the BlueKeep updates (provided by Syxsense) at a time that’s best for the organization, and rest assured the vulnerability will be remediated within no time.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||||

Windows 10 1909 is Preparing for Release this Month

By NewsNo Comments

Windows 10 1909 is Preparing for Release this Month

Microsoft is eagerly preparing Windows 10’s November 2019 Update for release in the coming weeks—the easiest and quickest Feature Update yet.

What to Expect from the Windows 10 November Update

Microsoft is eagerly preparing Windows 10’s November 2019 Update for release within the next few weeks. Codenamed 19H2, the November release will be referred to as “version 1909,” and will be the smallest, quickest, and easiest Feature Update yet.

Contrary to the 1903 (May 2019) Update that included a mass collection of enhancements and features, the next release “will be a scoped set of features for select performance improvements, enterprise features, and quality enhancements,” stated Microsoft. Put simply, this next feature update will be more like a service pack or cumulative update and shouldn’t affect end-users as much as any previous update has done.

Since the Windows 7 operating system is quickly coming to an end on January 14, 2020, Microsoft has been striving to get this one right, and there’s testament to that. As of September 5, Microsoft stated that every Windows Insider in the “Release Preview” ring has been offered this new November update. When the October 2018 Update was released last year, there was zero testing in the “Release Preview” and thus a whole slew of issues arose, leaving a distinctly sour taste for many users. On October 10th, Microsoft stated that Windows Insiders in the Release Preview ring already attained what Microsoft expects as the final build.

New Features in Windows 10 1909

Here is the list of new features being introduced as part of the newest update (as provided directly from Microsoft):

  • Third-party digital assistants can active above the Lock screen using voice commands
  • Quickly create an event straight from the Calendar flyout on the Taskbar. Just select the date and time at the lower right corner of the Taskbar to open the Calendar flyout and pick your desired date and start typing in the text box – you’ll now see inline options to set a time and location
  • The navigation pane on the Start menu now expands when you hover over it with your mouse to better inform where clicking goes
  • Friendly images to show what is meant by “banner” and “Action Center” when adjusting the notifications on apps in order to make these settings more approachable and understandableand start typing in the text box – you’ll now see inline options to set a time and location
  • Notifications settings under Settings > System > Notifications will now default to sorting notifications will now default to sorting notification senders by most recently shown notification, rather than sender name. This makes it easier to find and configure frequent and recent senders. Microsoft has also added a setting to turn off playing sound when notifications appear
  • Options shown to configure and turn off notifications from an app/website right on the notification, both as a banner and in Action Center
  • Manage notifications” button to the top of Action Center that launches the main “Notifications & actions” Settings page
  • Additional debugging capabilities for newer Intel processors (only for hardware manufacturers)
  • General battery life and power efficiency improvements for PCs with certain processors
  • A CPU may have multiple “favored” cores (logical processors of the highest available scheduling class). To provide better performance and reliability, a rotation policy that distributes work more fairly among these favored cores has been implemented
  • Windows Defender Credential Guard for ARM64 devices has been enabled for additional protection against credential theft for enterprises deploying ARM64 devices in their organizations
  • The search box in File Explorer has been updated to now be powered by Windows Search. This change will help integrate OneDrive content online with the traditional indexed results
  • Added ability for Narrator and other assistive technologies to read and learn where the FN key is located on keyboards and what state it is in (locked versus unlocked)

Like any Feature Update, it can be deferred on business editions of Windows 10 leveraging Group Policy or Windows Update for Business settings. Organizations that run Windows 10 Enterprise edition version 1909 will have full update support for 30 months (like any Fall Update), until well into 2022.

Manage and Secure Your Environment

Easily deploy Windows Feature Updates with Syxsense Manage and Syxsense Secure. View an accurate count of all your Windows 10 devices and what version of Win10 is installed. Get started with a free trial of one of our simple and powerful solutions.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

BlueKeep Attacks Arrive with Cryptomining Malware

By NewsNo Comments

BlueKeep Attacks Arrive with Cryptomining Malware

The first wave of attacks exploiting the BlueKeep vulnerability have been detected by security researchers. What actions should your IT team take?

The First BlueKeep Attacks Have Struck

The first wave of attacks exploiting the BlueKeep vulnerability have been detected by security researchers; however, the flaw is not being used as a self-spreading worm, as Microsoft was initially warning about since May of this year.

The recent attacks have instead been using a demo BlueKeep exploit to hack into these unsecured and unpatched Windows systems to install a cryptocurrency miner, stealing processing resources from various devices across the globe.

Interestingly, instead of a worm that migrates automatically and spreads instantaneously, the attackers have leveraged the vulnerability’s replicating capability to scan for other vulnerable devices in the Internet to exploit.

What Security Researchers Learned About BlueKeep

Researcher Kevin Beaumont, the expert who named the vulnerability BlueKeep, has been running a worldwide honeypot network (named BluePot) in an effort to catch exploitation attempts. The apparent attacks appear to have begun on October 23, when Beaumont’s honeypots started crashing and rebooting, but he only realized it was due to BlueKeep attack attempts on November 2.

Beaumont analyzed the attacks with assistance from British researcher Marcus Hutchins and they determined that the attackers behind the campaign have been leveraging a BlueKeep ‘Metasploit’ module, released in early September of this year, to then deliver a Monero miner. Monero is a cryptocurrency that relies on proof-of-work mining to achieve distributed consensus.

According to various sources, the hackers do not appear to have attempted to create a worm that spreads inside a network and Beaumont stated that the attacks crashed 10 of the 11 honeypots he was running.

“In conclusion, so far the content being delivered with BlueKeep appears to be frankly a bit lame – coin miners aren’t exactly a big threat – however it is clear people now understand how to execute attacks on random targets, and they are starting to do it. This activity doesn’t cause me to worry, but it does cause my spider sense to say ‘this will get worse, later’,” Beaumont wrote in a blog post.

How to Handle BlueKeep

It’s clear the BlueKeep vulnerability is still dangerous and can cause disastrous consequences; however, at this time, attackers just haven’t gotten it right.

But why take your chances? The Bluekeep vulnerability (CVE-2019-0708) has patches available from Microsoft for the operating systems it affects:

  • Windows XP
  • Windows Server 2003 R2
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2

Syxsense Manage and Syxsense Secure can easily resolve the vulnerability across the entire environment with a Patch Deploy Task. Simply target all devices for the BlueKeep updates (provided by Syxsense) at a time that’s best for the organization, and rest assured the vulnerability will be remediated within no time.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
|||

BlueKeep: There’s a Report For That

By Patch ManagementNo Comments

BlueKeep: There’s a Report For That

BlueKeep exploits are on the rise—Syxsense allows you to see which of your devices are affected by this critical vulnerability.

With BlueKeep exploits looming large, knowing your exposed risk could save your time, money and business.

Syxsense has added the “BlueKeep At Risk Devices” report to every console. Our dynamic architecture helps you stay on top of emerging threats. To run the report, just go to reports, find BlueKeep and press the button.

In seconds, you will see a list of every device that hasn’t been scanned for the vulnerability and every device where the risk is detected. With a few more clicks you can deploy the patch to every device, rerun the report and prove to management that you are 100% compliant.

Click, know the facts, and secure. Experience a complete view of your IT environment with Syxsense.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

NSA Urging Users to Patch BlueKeep Vulnerability

By News, Patch ManagementNo Comments

NSA Urging Users to Patch BlueKeep Vulnerability

The National Security Agency (NSA) is warning users that a new RDP vulnerability affecting Windows 7 and Windows XP systems is potentially “wormable."

The National Security Agency has recently issued an urgent advisory to all Windows-based administrators and users to ensure they are using a fully-patched and updated system.

Last month, Microsoft released additional security updates to protect against Bluekeep, a new security vulnerability considered a potentially ‘wormable’ flaw in the Remote Desktop (RDP) protocol (CVE-2019-0708). The vulnerability is present in the still-supported Windows 7, Vista, Server 2008 and Server 2008 R2, but also in legacy systems Windows XP and Server 2003, which is a rarity for Microsoft since Extended Support ended back in April of 2014.

The vulnerability can be easily exploited and weaponized by leveraging malware or even ransomware. Microsoft has even warned that the vulnerability can surely be as damaging as Wannacry. It only takes a bit of code designed to exploit it and spread pre-authentication without requiring any user interaction in the process. Once the vulnerability has been abused, it’s only a matter of time before it will infect not only the target host, but the rest of the environment, if left unpatched.

The NSA also believes this can easily evolve in time: “This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability. For example, the vulnerability could be exploited to conduct denial of service attacks. It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems.”

The solution is simple: patch all Windows devices not only for the latest vulnerability but always, and if the devices are outside of mainstream or even extended support, like the legacy operating systems, it’s best to migrate to Microsoft’s latest OS, Windows 10.

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo