A Million PCs May Be Vulnerable to BlueKeep Malware, Microsoft Urges Users to Patch

Microsoft took the unusual step in mid-May of issuing a security patch for long-discontinued operating systems such as Windows XP and Server 2003. It said at the time that a newly discovered vulnerability in older versions of Windows had the potential to devastate computers on a scale similar to the WannaCry ransomware in 2017. The update has been available for weeks, but many systems remain unpatched, and Microsoft is confident exploits for the “BlueKeep” flaw now exist in the wild.

It took Microsoft years to rid itself of Windows XP support, which it finally did back in 2017. Yet there are still millions of computers running XP, and many of them are part of critical infrastructure and enterprise environments where newer operating systems won’t work.

When announcing the patch, Microsoft opted to keep details of the flaw (CVE-2019-0708) secret. It said the vulnerability (now known as BlueKeep) was “wormable,” meaning it could spread between infected systems like WannaCry did. All Microsoft would say was that it had something to do with the Remote Desktop component of Windows. Windows 8 and 10 are both fully protected, though.

Security researchers have noted that it was easy to develop exploits for BlueKeep, but they’ve decided not to post proof of concept code as the vulnerability is too dangerous. Still, Microsoft is now “confident” that an exploit exists in the wild. By sending a specially crafted Remote Desktop Protocol (RDP) request, an attacker can run arbitrary code on a computer. That could be used to install malware, steal data, and even lock a system down with ransomware.

A security update addressing CVE-2019-0708 was released on May 14, 2019, but recent public reports indicate nearly one million computers are still vulnerable.

Microsoft strongly advises that all affected systems should be updated as soon as possible. https://t.co/lRaCfWgivs

— Security Response (@msftsecresponse) May 31, 2019

Currently, security experts have estimated that about one million Windows boxes connected directly to the internet are vulnerable to BlueKeep. That may just be the tip of the iceberg — a vulnerable machine could act as a gateway into internal networks where there are more wormable systems.

Simon Pope, Microsoft’s director of Incident Response, is again urging everyone to update their systems with the latest patch. Windows 7 and newer server platforms have all been updated automatically, but Windows XP and Server 2003 need a manual update. Many of those systems are probably running on autopilot, with nobody on hand to seek out new patches. A BlueKeep worm could be inevitable at this point.
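As an added example (not code from the article or from Microsoft), the following PowerShell triage script, run on a single host, combines the article's own criteria into one verdict: an OS family older than Windows 8 (the article says 8 and 10 are not affected), Remote Desktop enabled, and no update installed on or after the May 14, 2019 patch date. It does not check for a specific KB, which the article does not name, so a flagged host still needs its patch state confirmed against Microsoft's update catalog; the function name and the date-based heuristic are this example's own assumptions.

```powershell
# Added example, not from the article. Uses only cmdlets available on
# PowerShell 2.0 so it can run on the older hosts the article is about.
function Test-BlueKeepExposure {
    # Date the article gives for the CVE-2019-0708 update release.
    $patchDate = Get-Date -Year 2019 -Month 5 -Day 14

    $os = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version

    # The article states Windows 8 and 10 are not affected, so treat any
    # version below 6.2 (XP = 5.1, Server 2003 = 5.2, 7/2008 R2 = 6.1)
    # as an affected family. Assumption: version mapping as noted here.
    $affectedFamily = ($ver.Major -lt 6) -or
                      ($ver.Major -eq 6 -and $ver.Minor -lt 2)

    # fDenyTSConnections = 0 means the Remote Desktop listener is enabled.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tsProp = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
                               -ErrorAction SilentlyContinue
    $rdpEnabled = ($tsProp -ne $null) -and ($tsProp.fDenyTSConnections -eq 0)

    # Coarse signal: any update installed on or after the patch date.
    # InstalledOn may be a string on older systems, so cast defensively.
    $recent = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object {
            $_.InstalledOn -and
            (([datetime]$_.InstalledOn) -ge $patchDate)
        } |
        Sort-Object { [datetime]$_.InstalledOn } -Descending |
        Select-Object -First 1

    $lastUpdate = $null
    if ($recent) { $lastUpdate = [datetime]$recent.InstalledOn }

    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        OS             = $os.Caption
        Version        = $os.Version
        AffectedFamily = $affectedFamily
        RdpEnabled     = $rdpEnabled
        LastUpdateDate = $lastUpdate
        # True when the host matches every risk criterion from the article.
        NeedsAttention = ($affectedFamily -and $rdpEnabled -and -not $recent)
    }
}

Test-BlueKeepExposure | Format-List
```

A host reporting NeedsAttention = True is one the article describes as needing a manual update; a False result only means one of the three criteria did not match, not that the specific fix is confirmed installed.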
