Microsoft warns that a wormable Windows bug could lead to another WannaCry




Microsoft is warning that the Internet could see another exploit on the scale of the WannaCry attack that shut down computers around the world two years ago unless people patch a very serious vulnerability. The software maker took the unusual step of backporting the newly released patch to Windows 2003 and XP, which have not been supported for four and five years, respectively.

"This vulnerability is pre-authentication and does not require any user interaction," wrote Simon Pope, director of incident response for the Microsoft Security Response Center, in a published post that coincided with the company's May Update Tuesday release. "In other words, the vulnerability is 'wormable,' which means that any future malware exploiting this vulnerability could spread from vulnerable computer to vulnerable computer in the same way as the WannaCry malware spread throughout the world in 2017. While we have observed no exploitation of this vulnerability, it is very likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malicious programs."

As if a self-replicating code execution vulnerability were not serious enough, CVE-2019-0708, as the flaw in Windows Remote Desktop Services is indexed, requires low complexity to exploit. Microsoft's Common Vulnerability Scoring System calculator rates this complexity at 3.9 out of 10. (To be clear, the WannaCry developers had powerful exploit code, written by and later stolen from the National Security Agency, to exploit CVE-2017-0145, where the exploitation complexity was rated "high.") However, developing reliable exploit code for this latest Windows vulnerability will require relatively little work.

"Exploitation of the vulnerability, as described in the advisory, would simply require that someone send specific packets over the network to a vulnerable system with the RDP service available," Brian Bartholomew, a security researcher on Kaspersky Lab's Global Research and Analysis Team, told Ars in an email. "In the past, the exploits for this service were fairly easy to design once the fix was reversed. My best guess is that someone will publish an exploit for this in the coming days."

Bartholomew said that network firewalls and other defenses blocking the RDP service would effectively prevent the attack from occurring. But as the world has learned in the WannaCry attacks, these measures often fail to contain damage that can collectively cost billions of dollars.

Kevin Beaumont, an independent researcher, citing queries on the Shodan search engine for Internet-connected computers, says about 3 million RDP endpoints are directly exposed.

In addition to Windows 2003 and XP, CVE-2019-0708 also affects Windows 7, Windows Server 2008 R2, and Windows Server 2008. As proof of Microsoft's ever-improving security, later versions of Windows are not in danger.

"Clients running Windows 8 and Windows 10 are not affected by this vulnerability, and it's no coincidence that later versions of Windows are not affected," wrote Pope. "Microsoft is investing heavily in enhancing the security of its products, often through major architectural improvements that it's not possible to transfer to earlier versions of Windows."

The subtext is that while anyone still using a vulnerable version of Windows should apply a fix immediately, the smartest long-term solution is to upgrade to Windows 8 or 10 in the near future.

Microsoft has credited the UK's National Cyber Security Center with privately reporting the vulnerability. While Microsoft has stated that it has not observed any exploits in the wild, it remains undetermined precisely how such an old and severe vulnerability came to be identified.

"One wonders, how did they find it in the first place?" said Bartholomew of Kaspersky Lab. "Have they seen this during attacks elsewhere? Was it an old exploit that had been used by friendly governments in the past and that works now? Has this exploit been disclosed in one way or another and is this being proactive? Of course, we will probably never know the real answer, and honestly, there is nothing to be said at this point, but there may be something here to dig into."
