Microsoft Urges Businesses to Patch BlueKeep Flaw

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Urges Businesses to Patch BlueKeep Flaw


Fearing another worm of WannaCry severity, Microsoft warns vulnerable users to apply the software update for CVE-2019-0708.



Microsofts Security Response Team (MSRC) is warning organizations to patch BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability it fixed earlier this month.
The flaw is in Remote Desktop Services (RDS), formerly known as Terminal Services, and affects some older versions of Windows. Its pre-authentication and requires no user interaction; future malware that successfully exploits the bug could spread across vulnerable machines. Fearing this, Microsoft took the
unusual step
of issuing fixes for out-of-support systems Windows 2003 and XP, and still-supported Windows 7, Server 2008, and Server 2008 R2.
When it released the patch on May 14, Microsoft had not seen BlueKeep exploited in the wild but
said
it was highly likely cybercriminals would write an exploit and build it into malware.
Now, Microsoft is confident an exploit exists for this vulnerability, security officials said in an
blog
 published late last week. Nearly one million Internet-connected machines remain vulnerable to CVE-2019-0708, they note, citing
research
from Errata Security.
It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise, the MSRC post said. The scenario is even more dangerous for those who neglected to update internal systems, they continue, as future malware could try to exploit vulnerabilities that have already been patched.
At the time of publication, officials hadnt seen signs of a worm – but this doesnt mean were out of the woods, they said, pointing to the WannaCry timeline: Microsoft issued security fixes for a set of SMBv1 vulnerabilities on March 14, 2017. One month later, the Shadowbrokers publicly released a set of exploits, including a wormable exploit dubbed EternalBlue, leveraging the same SMBv1 vulnerabilities. Less than a month later, EternalBlue was used in WannaCry.
Despite having nearly 60 days to patch their systems, many customers had not, they wrote.
Researchers at Kenna Security have been monitoring for activity around CVE-2019-0708 since its patch was released and can
confirm
attempts are being made to reverse the patch and build an exploit. Like Microsoft, they believe theres a high likelihood BlueKeep will be exploited.
We have seen a number of public attempts to create reliable exploits, with work still ongoing, says Jonathan Cran, Kenna Securitys head of research. Given this activity, its reasonable to expect that there [is] an even larger number of folks working on it privately.
Based on what researchers have seen, he says, most organizations are still running a significant number of vulnerable systems, particularly those still in support contracts: Windows 7 and Server 2008.
These systems are often configured with Remote Desktop Protocol (RDP), he says, which Microsoft says is not vulnerable but is part of the attack chain exploiting RDS. Authenticated attackers could exploit BlueKeep by connecting to a target system via RDP and sending specially crafted requests. If successful, they could execute code on a target system. Even if Windows 7 and Server 2008 are not exposed to the Internet, theyre susceptible to exploitation via a multi-pronged attack – similar to what weve seen with NotPetya using EternalBlue, he explains.
Could BlueKeep serve as a gateway to the next WannaCry? Cran points out that while one million is a significant number, there are fewer systems exposing RDP to the Internet compared with the number exposing SMB ahead of WannaCry. Further, RDP has long been considered somewhat safe to expose to the Internet, as there has never been a wormable vulnerability in the protocol.
Thats now changed, and security teams must now deal with this new reality, Cran continues. Following WannaCry and Petya/NotPetya, security awareness has improved among employees and consumers. While its unlikely BlueKeep could cause as much damage as quickly as the other attacks did, that doesnt mean it wont be seen in the wild.
Jérôme Segura, head of threat intelligence at Malwarebytes, predicts attackers will waste no time in weaponizing a proof of concept should it land in their hands. Comparing BlueKeep to WannaCry serves as a reminder of the costly consequences of a worm attack, he adds.
Attacks leveraging BlueKeep could range from crashing computers for fun to loading malicious code onto them, says Segura. In either case, the impact on businesses that use legacy systems and arent able to patch could be costly. Of course, one of the many challenges in patching is system visibility: Many organizations may not be aware their networks still run legacy systems.
Still, even if they know about legacy systems, patching is a challenge. Security teams typically apply security updates on a monthly or quarterly basis, says Cran. Something like BlueKeep forces them to consider an out-of-cycle process, driving the potential for downtime.
Related Content:
When Older Windows Systems Wont Die

Focusing on Endpoints: 5 Steps to Fight Cybercrime
WannaCry Lives On in 145K Infected Devices
Docker Vulnerability Opens Servers to Container Code

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Urges Businesses to Patch BlueKeep Flaw