BlueKeep Warning Issued by Microsoft
Much like the NSA-authored worm that was stolen by hackers, modified and foisted upon Internet users in the form of the WannaCry worm that infected hundreds of thousands of computers back in 2017, a new NSA worm called EternalBlue was stolen by a hacking group known as the Shadow Brokers and is set to be unleashed upon unpatched Windows 7 (and older versions of Windows) computers as the BlueKeep worm.
The BlueKeep worm is a Remote Desktop Services Remote Code Execution Vulnerability. In plain English, that means it’s a security vulnerability present in Windows machines that can be exploited remotely without the knowledge of the computer’s owner. Just as concerning, BlueKeep can self-replicate and infect multiple machines on a network, including machines connected to the Internet. Microsoft says that BlueKeep is a critical vulnerability that needs to be addressed immediately.
BlueKeep does not affect Windows 8, 8.1 or Windows 10 users. But if you’re using Windows 7 (or older versions of Windows), your computers are vulnerable and exploitable. So, heads up! Make sure you have the latest Windows updates and security patches. This might be only the beginning for the increasingly vulnerable Windows 7 operating system. If you’re using Windows 7, it’s a good time to consider upgrading to Windows 10.
To learn more about BlueKeep and the Windows vulnerability, read the following article from the HIPAA Journal:
Fresh BlueKeep Warning Issued by Microsoft: Public Exploits Exist and Attacks Imminent
Microsoft has issued a fresh warning about the recently discovered BlueKeep vulnerability in Remote Desktop Services (CVE-2019-0708) following the online publication of proof-of-concept exploits for the flaw.
Microsoft released fixes for the flaw on May 14, 2019. As was the case with the vulnerability that was exploited in the WannaCry ransomware attacks in 2017, patches were also released for unsupported Windows versions.
The vulnerability is critical and could be exploited remotely via Remote Desktop Protocol (RDP) without any user interaction required. As one security researcher has shown, finding devices that have not been patched is far from difficult. Robert Graham of Errata Security performed a scan of the internet and found almost 1 million devices that have still not had the patch applied or been protected using Microsoft’s recommended mitigations. Graham is not the only person to have performed scans for vulnerable devices. There has been a major increase in scans in recent days. It appears that cybercriminals are preparing for attacks.
The fresh warning is an unusual step for Microsoft to take. It has satisfied its obligations through the release of patches and has even issued patches for unsupported Windows versions. The decision to release a further warning was due to the growing risk of exploitation of the vulnerability. Several security firms claim to have developed exploits for the flaw and proof-of-concept exploit code has now been leaked online. Microsoft is confident that viable exploits exist for the vulnerability…
The latest flaw does not affect Windows 8 and Windows 10, but older Windows versions – Windows XP, Windows 7, Windows 2003 and Windows Server 2008 – are vulnerable. Many businesses have upgraded to Windows 10, but legacy Windows operating systems are still extensively used in healthcare, at least on some devices.
The advice from Microsoft has not changed. “We strongly advise that all affected systems should be updated as soon as possible,” said Pope. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.”
The NSA has also issued an alert via its Central Security Service division in an attempt to prevent another global malware attack like WannaCry, which used the NSA-developed EternalBlue exploit.