Microsoft has issued another warning about patching the BlueKeep vulnerability (CVE-2019-0708). Prompt patching of this vulnerability has been urgent since October 23, when a mass attack exploited the flaw.
The attack was first discovered on November 2, the delay being attributed to the attacker's inability to fully exploit the vulnerability. The campaign seems to have originated from a low-skilled threat actor who intended to exploit the vulnerability to install cryptocurrency mining malware. Microsoft has now released yet another alert, warning customers to expect worse.
The first attempt at mass exploitation received a lot of attention in the news, but it doesn’t seem to have had a great impact on the urgency of patching. The SANS Institute conducted a scan, which showed that the rate of patching did not really change after the attacks. Although the number of unpatched devices has steadily declined since Microsoft released the patch in May, a huge number of devices remain vulnerable to a BlueKeep attack.
Though the attack was large in scale, its success was minimal. The exploit used did not work correctly, and in most instances the machines simply crashed. A skilled threat actor who successfully exploited the vulnerability could connect to a vulnerable device through RDP services without any user interaction. Code could then be executed on unsecured computers, allowing the attacker to access, change, and steal information, download malware, and launch attacks on other unpatched devices connected to the network, including those that aren’t exposed online.
In 2017, security researcher Marcus Hutchins found and activated a ‘kill switch’ to control the damage that the WannaCry ransomware could cause. Now, he is warning that a ransomware attack could cause major disruption even without a worm, since a large number of the vulnerable devices are servers.
Microsoft has cautioned that while BlueKeep attacks are not prevented, other, far more threatening exploits can be created and used in a huge attack on vulnerable devices. Microsoft is telling customers to identify and upgrade all vulnerable systems right away.