UPDATE 20190528: Rob Graham posted some analysis indicating close to a million systems directly exposed to the internet are vulnerable. UPDATE 20190531: An excellent technical analysis and writeup of BlueKeep from 20190530: Additional Guidance from Microsoft, again, urging users to patch. UPDATE 20190603: Additional exposure analysis from Intrigue.io, indicating at least 17 of the Fortune 500 are still vulnerable to Bluekeep. UPDATE 20190604: Notice of a functional, private MSF module posted by to Twitter. UPDATE 20190604: The NSA is now urging organizations to patch. UPDATE 20190719: A technical document from Keenlab was posted detailing how to exploit the vulnerability. UPDATE 20190723: A working exploit is now available in Immunity Canvas. Contact Integrated Axis Group, LLC, at (877)220-1910 to implement the mitigations outlined by Microsoft and the CISA.UPDATE 20190906: Rapid7 published a Bluekeep Metasploit module in a Pull Request on Github, after holding it back from the public since its existence was announced in May. We encourage our customers and any other Windows users to act immediately. Block Transmission Control Protocol port 3389 at the enterprise perimeter firewall.Users should follow the recommended mitigations Microsoft and CISA have outlined below: BlueKeep is similar to the WannaCry malware attacks of 2017 in that it’s capable of rapidly spreading because the vulnerability is considered “wormable.” What should I do about it? To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.”Įssentially, an attacker can exploit this vulnerability to take control of an affected system. An attacker could then install programs view, change, or delete data or create new accounts with full user rights.
An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. This vulnerability is pre-authentication and requires no user interaction. “A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. Microsoft explains the Security Vulnerability as stated below: What is BlueKeep?īlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: The CISA has joined Microsoft, the National Security Agency and others in alerting system administrators of the seriousness of the vulnerability, comparing it to the 2017 WannaCry attack. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is urging Windows users to update their machines as soon as possible after developing a working exploit for the BlueKeep vulnerability.
0 kommentar(er)
