A Widespread BlueKeep 'Exploit' Is Targetting Unpatched Windows 7/XP Computers (forbes.com) 38
An anonymous reader quotes Forbes:
When Microsoft issued the first patch in years for Windows XP in May 2019, you knew that something big was brewing. That something was a wormable Windows vulnerability that security experts warned could have a similar impact as the WannaCry worm from 2017. The BlueKeep vulnerability exists in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2: and it's now been confirmed that a BlueKeep exploit attack is currently ongoing...
Security researchers, including Kevin Beaumont who originally named the vulnerability and Marcus Hutchins (also known as MalwareTech) who was responsible for hitting the kill switch that stopped the WannaCry, have confirmed that a widespread BlueKeep exploit attack is now currently underway. Hutchins told Wired that "BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale." It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. This dampens the panic that there could be another WannaCry about to happen, although the potential for such a scenario, albeit on a much smaller scale, certainly remains. For now though, this looks like being an attack campaign with a cryptocurrency miner payload.
While there is always the possibility that the threat actors behind this attack could drop more malicious payloads than a crypto-miner, for now, this acts as yet another warning for users of the 700,000 or so still vulnerable Windows systems to get patching... Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability?
Security researchers, including Kevin Beaumont who originally named the vulnerability and Marcus Hutchins (also known as MalwareTech) who was responsible for hitting the kill switch that stopped the WannaCry, have confirmed that a widespread BlueKeep exploit attack is now currently underway. Hutchins told Wired that "BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale." It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. This dampens the panic that there could be another WannaCry about to happen, although the potential for such a scenario, albeit on a much smaller scale, certainly remains. For now though, this looks like being an attack campaign with a cryptocurrency miner payload.
While there is always the possibility that the threat actors behind this attack could drop more malicious payloads than a crypto-miner, for now, this acts as yet another warning for users of the 700,000 or so still vulnerable Windows systems to get patching... Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability?
Remote desktop vulnerablity - just turn it off (Score:4, Insightful)
windows (Score:1)
most of the people just believe their systems are protected behind a firewall... port knocking etc is just asking for trouble...
frankly this might be the only way to get them to "upgrade"
Re: (Score:2)
frankly this might be the only way to get them to "upgrade"
There's a section of users that would never upgrade, as long as machine keeps doing its job to an 'acceptable' degree. Especially users that run outdated OS versions. One's definition of 'acceptable' tends to vary of course.
To such users it doesn't matter if machine is riddled with malware, looses X percent cpu, or (potentially) compromises confidential data stored on it. As long as it keeps working well enough to play some silly online game, check their e-mail or whatever. They will upgrade when hardwar
Re: (Score:2)
Sadly, I know people like that. My wife's friend has very bad internet habits, and every time she visits she hands me a laptop so infested that it's gained sentience. The complaint is invariably "this laptop is slow again, can you fix it please?" I do what I can, and update her antivirus while I'm at it, but next time she hands it to me it's just as infested. Every once in awhile she buys a new laptop thinking that'll fix the problem. And it does. For awhile.
chromeOS (Score:3)
for those people who have bad internet habits I look to what schools (kids being exceptionally good at running things they should not)
they are turning to ChromeOS
http://www.chromium.org/chromium-os/
https://www.neverware.com/
Re: (Score:1)
I just put her on Linux with automatic backups and automatic updates.
Problem solved. Last PC of my mother ran without issues until the hardware failed.
Re:windows (Score:4, Insightful)
Funny though how you blame the user for this, and not the software manufacturer of said machine.
With any other product, it is just supposed to work until it breaks. Hell, some products even disallow or at least discourage the user to open the device or perform maintenance.
However, when it comes to computers we suddenly expect the user to be an engineer working on a wobbly makeshift system and blame granddad when he can't.
Re: (Score:2)
You cant fix stupid.
Re: (Score:1)
frankly this might be the only way to get them to "upgrade"
There are plenty of display screens (advertising, directory, information/maps) in hospital environments that are still running Windows Vista, XP and even... CE! These are only going to be upgraded when they get a hardware failure that can't be fixed.
Re: (Score:3)
Windows XP Embedded systems probably won't be "upgraded" for another decade or so. It's a different problem than just handing Mr. Gates a couple bills for another iteration of Windows.
Keep in mind that Windows 98 (yes, I did say Windows 98, which is now old enough to drink) still exists in the wild today in embedded systems. You ever wonder why those soda can recycling machines work so crappy?
port knocking (Score:2)
is not scaleable and show's you don't have a good Public key infrastructure method for security
Re: (Score:2)
Re:windows (Score:5, Insightful)
frankly this might be the only way to get them to "upgrade"
There are some people, perhaps many, that don't want the advanced "features" of Windows 10 (telemetry, forced reboots during an inconvenient time, hard drive data loss, broken DHCP client, tablet GUI, etc).
Many years ago I never shied away from running Windows updates. I knew they were going to fix things and make them more better. Not anymore. I need a functioning workstation that doesn't pilfer through my data.
Re: (Score:2)
Yep. They burned that last tiny bit of trust when they started pushing their PC-as-a-tablet shitware out over the normal upgrade channel.
Re: (Score:2)
s/upgrade/update/
Insufficient caffeine level detected.
Re: (Score:2)
Ultra VNC. Disable remote desktop. (Score:2)
Mod parent comment up.
How do I disable remote desktop in Windows? [ktar.com]
Remote Desktop -- Easily Disable It [lifewire.com]
Re: (Score:1)
Ultra VNC remote access [uvnc.com] has been good for us.
Is that using the same VNC protocol that for years enabled clients to authenticate by specifying that they just didn't fancy using password authentication right now, thank you very much?
Re: (Score:2)
Re: (Score:3)
omg that's terrible (Score:1)
... I said, without real conviction.
People don't secure their machines (Score:5, Insightful)
Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability?
You think people who are still using XP follow security blogs or subscribe to CERT (or whatever agency is your country)?
Maybe some of the people running 7 do. Some of those people are technically savvy. Running XP? No way. Even a hospital's IT department doesn't know what to do with that crap other than air gap it.
Mostly Sensationalism (Score:2)
" the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. "
Yeah. . . . . . no. The likelihood of this is pretty slim. Unless you're running a honeypot, you're not going to expose a Microsoft OS based system directly to the internet. Ever. For any reason. Unless you're an idiot.
"Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the u
Re: (Score:3)
Yeah. . . . . . no. The likelihood of this is pretty slim. Unless you're running a honeypot, you're not going to expose a Microsoft OS based system directly to the internet. Ever. For any reason. Unless you're an idiot.
There's no shortage of idiots.
I trust my router / firewall ( It's an enterprise class router ) and its ACL statements FAR more than I trust an update from Microsoft these days.
Amen to that. But just remember, it's safe to assume that lots of people are idiots.
I thought 7 was dead? (Score:3)
Re: (Score:2)
I don't care (Score:2)