Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Windows Microsoft Security

A Widespread BlueKeep 'Exploit' Is Targetting Unpatched Windows 7/XP Computers (forbes.com) 38

An anonymous reader quotes Forbes: When Microsoft issued the first patch in years for Windows XP in May 2019, you knew that something big was brewing. That something was a wormable Windows vulnerability that security experts warned could have a similar impact as the WannaCry worm from 2017. The BlueKeep vulnerability exists in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2: and it's now been confirmed that a BlueKeep exploit attack is currently ongoing...

Security researchers, including Kevin Beaumont who originally named the vulnerability and Marcus Hutchins (also known as MalwareTech) who was responsible for hitting the kill switch that stopped the WannaCry, have confirmed that a widespread BlueKeep exploit attack is now currently underway. Hutchins told Wired that "BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale." It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. This dampens the panic that there could be another WannaCry about to happen, although the potential for such a scenario, albeit on a much smaller scale, certainly remains. For now though, this looks like being an attack campaign with a cryptocurrency miner payload.

While there is always the possibility that the threat actors behind this attack could drop more malicious payloads than a crypto-miner, for now, this acts as yet another warning for users of the 700,000 or so still vulnerable Windows systems to get patching... Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability?

This discussion has been archived. No new comments can be posted.

A Widespread BlueKeep 'Exploit' Is Targetting Unpatched Windows 7/XP Computers

Comments Filter:
  • by qubezz ( 520511 ) on Sunday November 03, 2019 @07:46PM (#59376668)
    If you have and trust Windows remote desktop and user security on the Internet, then you were already asking for trouble. If you don't want to just disable the checkbox in "system" and disable the service, you can also hack the registry to move RDP to a higher port, and require port-knocking in your firewall to open it.
    • most of the people just believe their systems are protected behind a firewall... port knocking etc is just asking for trouble...

      frankly this might be the only way to get them to "upgrade"

      • frankly this might be the only way to get them to "upgrade"

        There's a section of users that would never upgrade, as long as machine keeps doing its job to an 'acceptable' degree. Especially users that run outdated OS versions. One's definition of 'acceptable' tends to vary of course.

        To such users it doesn't matter if machine is riddled with malware, looses X percent cpu, or (potentially) compromises confidential data stored on it. As long as it keeps working well enough to play some silly online game, check their e-mail or whatever. They will upgrade when hardwar

        • Sadly, I know people like that. My wife's friend has very bad internet habits, and every time she visits she hands me a laptop so infested that it's gained sentience. The complaint is invariably "this laptop is slow again, can you fix it please?" I do what I can, and update her antivirus while I'm at it, but next time she hands it to me it's just as infested. Every once in awhile she buys a new laptop thinking that'll fix the problem. And it does. For awhile.

          • for those people who have bad internet habits I look to what schools (kids being exceptionally good at running things they should not)

            they are turning to ChromeOS

            http://www.chromium.org/chromium-os/

            https://www.neverware.com/

          • My mother (in-law) is as bad like that with computers.
            I just put her on Linux with automatic backups and automatic updates.
            Problem solved. Last PC of my mother ran without issues until the hardware failed.
        • Re:windows (Score:4, Insightful)

          by xonen ( 774419 ) on Monday November 04, 2019 @05:41AM (#59377844) Journal

          Funny though how you blame the user for this, and not the software manufacturer of said machine.

          With any other product, it is just supposed to work until it breaks. Hell, some products even disallow or at least discourage the user to open the device or perform maintenance.

          However, when it comes to computers we suddenly expect the user to be an engineer working on a wobbly makeshift system and blame granddad when he can't.

      • by Anonymous Coward

        frankly this might be the only way to get them to "upgrade"

        There are plenty of display screens (advertising, directory, information/maps) in hospital environments that are still running Windows Vista, XP and even... CE! These are only going to be upgraded when they get a hardware failure that can't be fixed.

      • Windows XP Embedded systems probably won't be "upgraded" for another decade or so. It's a different problem than just handing Mr. Gates a couple bills for another iteration of Windows.

        Keep in mind that Windows 98 (yes, I did say Windows 98, which is now old enough to drink) still exists in the wild today in embedded systems. You ever wonder why those soda can recycling machines work so crappy?

      • Re:windows (Score:5, Insightful)

        by webnut77 ( 1326189 ) on Monday November 04, 2019 @01:54AM (#59377454)

        frankly this might be the only way to get them to "upgrade"

        There are some people, perhaps many, that don't want the advanced "features" of Windows 10 (telemetry, forced reboots during an inconvenient time, hard drive data loss, broken DHCP client, tablet GUI, etc).

        Many years ago I never shied away from running Windows updates. I knew they were going to fix things and make them more better. Not anymore. I need a functioning workstation that doesn't pilfer through my data.

      • by EvilSS ( 557649 )
        It's worth pointing out that MS issued a public patch for this exploit for XP/2003/Vista systems back in may: https://support.microsoft.com/... [microsoft.com]
    • these people don't even patch. You are a step well beyond their comprehension.
      • Correct. These are the people that must have installed Never10, and took precautions to keep the spyware services off their system. They learned that you can never trust an update from Microsoft again.
  • ... I said, without real conviction.

  • by Torodung ( 31985 ) on Sunday November 03, 2019 @08:24PM (#59376776) Journal

    Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability?

    You think people who are still using XP follow security blogs or subscribe to CERT (or whatever agency is your country)?

    Maybe some of the people running 7 do. Some of those people are technically savvy. Running XP? No way. Even a hospital's IT department doesn't know what to do with that crap other than air gap it.

  • " the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) 3389 ports exposed to the internet. "

    Yeah. . . . . . no. The likelihood of this is pretty slim. Unless you're running a honeypot, you're not going to expose a Microsoft OS based system directly to the internet. Ever. For any reason. Unless you're an idiot.

    "Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the u

    • Yeah. . . . . . no. The likelihood of this is pretty slim. Unless you're running a honeypot, you're not going to expose a Microsoft OS based system directly to the internet. Ever. For any reason. Unless you're an idiot.

      There's no shortage of idiots.

      I trust my router / firewall ( It's an enterprise class router ) and its ACL statements FAR more than I trust an update from Microsoft these days.

      Amen to that. But just remember, it's safe to assume that lots of people are idiots.

  • by AndyKron ( 937105 ) on Sunday November 03, 2019 @10:20PM (#59377092)
    I just turned on a Windows7 laptop (Thinkpad R60) today for the first time in a year or so, and spent the entire afternoon waiting for an update, reboot, installing, reconfiguring, rebooting bla bla bla. I thought Win7 updates were no more? WRONG.
  • Just turn off Remote Desktop. Better that way. Besides, it only makes sense on Windows servers on private network.

...though his invention worked superbly -- his theory was a crock of sewage from beginning to end. -- Vernor Vinge, "The Peace War"

Working...