Microsoft warns users again to patch the wormable BlueKeep flaw




Microsoft has issued a second warning urging users of older versions of Windows to patch their systems to prevent potential attackers from abusing the critical Remote Desktop Services (RDS) remote code execution vulnerability known as BlueKeep.

The first time, Microsoft released a security patch designed to protect Windows computers running vulnerable RDS installations and to block any malware that exploits the flaw, tracked as CVE-2019-0708, to spread between unpatched machines.

Comparison with EternalBlue and WannaCry

This time, Redmond's recommendation remains the same, and "we strongly recommend that all affected systems be updated as soon as possible. This vulnerability may not be integrated with malware. the way to bet."

To show how quickly a serious vulnerability could have very serious consequences, Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC), drew a parallel with the exploitation scenario of the EternalBlue vulnerability.

According to Pope, although users had close to 60 days to patch after Microsoft released a security update for the SMBv1 vulnerabilities, many machines had not been patched, which led to them being infected with ransomware after the ShadowBrokers made the EternalBlue exploit public in April 2017.

A month later, in May 2017, hundreds of thousands of exposed Windows machines were compromised with the help of the EternalBlue exploit, and then infected with the WannaCry ransomware.

As part of the initial warning, Microsoft said that "the vulnerability is 'wormable' and that future malware that would exploit it could spread from vulnerable computer to vulnerable computer in the same way that the WannaCry malware spread around the world in 2017."

Microsoft now reminds all users of earlier versions of Windows affected by the vulnerability, both supported (Windows 7, Windows Server 2008 R2 and Windows Server 2008) and unsupported (Windows XP and Windows 2003), to patch their systems as soon as possible.

"Microsoft is convinced that there is an exploit for this vulnerability and, while recent reports are accurate, nearly a million computers connected directly to the Internet are still vulnerable to CVE-2019-0708. Many other networks within companies can also be vulnerable," says Pope.

The download links to obtain the fix for all vulnerable systems are available below:

The 0patch platform has also released a hotfix for BlueKeep, in the form of a 22-instruction micropatch that can be used to protect always-on servers against exploitation attempts without restarting them.

PoC exploits already available

It is essential to patch all vulnerable machines because more and more PoC exploits are surfacing, even though, as Pope says, "It's only been two weeks since the fix was released and no sign of a worm has been reported for the moment. That does not mean we're out of the woods."

Many security researchers have already created proof-of-concept exploits, although none of them has released the code publicly. They chose to show only video evidence to prevent malicious actors from getting their hands on easy-to-use PoC code for the BlueKeep flaw.

For example, researchers from Check Point and Kaspersky developed denial-of-service (DoS) proof-of-concept code leading to Blue Screens of Death (BSODs), the latter having also "developed detection strategies for exploitation attempts", which will be shared "with trusted industry partners".

In addition, Zerodium confirmed that BlueKeep is remotely exploitable without authentication one day after Microsoft released its patch.

Three days later, security researcher Valthek also announced that he had created his own version of the BlueKeep PoC exploit, which was later confirmed as a working PoC by Christiaan Beek, senior engineer at McAfee.
