A Million PCs May Be Vulnerable to BlueKeep Malware, Microsoft Urges Users to Patch
Microsoft took the unusual step of issuing a security patch for long since discontinued operating systems like Windows XP and Server 2003 in mid-May. It said at the time that a newly discovered vulnerability in older versions of Windows had the potential to devastate computers on a scale similar to the WannaCry ransomware in 2017. The update has been available for weeks, but many systems remain unpatched, and Microsoft is confident exploits for the “BlueKeep” flaw now exist in the wild.
It took Microsoft years to rid itself of Windows XP support, which it finally did back in 2017. Yet, there are still millions of computers running XP, and many of them are part of critical infrastructure and enterprise environments where newer operating systems won’t work.
When announcing the patch, Microsoft opted to keep details of the flaw (CVE-2019-0708) secret. It said the vulnerability (now known as BlueKeep) was “wormable,” meaning it could spread between infected systems like WannaCry did. All Microsoft would say was that it had something to do with the Remote Desktop component of Windows. Windows 8 and 10 are both fully protected, though.
Security researchers have noted that it was easy to develop exploits for BlueKeep, but they’ve decided not to post proof of concept code as the vulnerability is too dangerous. Still, Microsoft is now “confident” that an exploit exists in the wild. By sending a specially crafted Remote Desktop Protocol (RDP) request, an attacker can run arbitrary code on a computer. That could be used to install malware, steal data, and even lock a system down with ransomware.
A security update addressing CVE-2019-0708 was released on May 14 2019, but recent public reports indicate nearly one million computers are still vulnerable.
Microsoft strongly advises that all affected systems should be updated as soon as possible. https://t.co/lRaCfWgivs
— Security Response (@msftsecresponse) May 31, 2019
Currently, security experts have estimated that about one million Windows boxes connected directly to the internet are vulnerable to BlueKeep. That may just be the tip of the iceberg — a vulnerable machine could act as a gateway into internal networks where there are more wormable systems.
Simon Pope, Microsoft’s director of Incident Response is again urging everyone to update their systems with the latest patch. Windows 7 and newer server platforms have all been updated automatically, but Windows XP and Server 2003 need a manual update. Many of those systems are probably on autopilot without anyone on hand to seek out new patches. A BlueKeep worm could be inevitable at this point.
Continue reading
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
SolarWinds, the company at the center of the massive hack that hit US government agencies and corporations, doesn't exactly use cutting-edge password techniques.
AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs
AMD has disclosed a potential security vulnerability on its Zen 3 CPUs with similarities to the Spectre attack from several years ago, but the company believes the risk is minimal.
Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist
Researchers are claiming to have found a new type of Spectre attack that bypasses all existing protections, but that framing isn't well supported.