High-risk BlueKeep vulnerability puts nearly a million Windows devices at risk

According to SecurityWeek, nearly 1 million devices are exposed to the high-risk BlueKeep vulnerability, and hackers have already begun scanning for potential targets. The vulnerability, tracked as CVE-2019-0708, is present in Windows Remote Desktop Services (RDS) and was fixed in this month's Patch Tuesday updates.

The vulnerability is described as wormable: it can be used to spread malware through the RDS service, much as the WannaCry ransomware spread in 2017. Anonymous hackers have already attempted to exploit this vulnerability to execute arbitrary code; by sending a specially crafted Remote Desktop Protocol (RDP) request, an attacker can take control of a computer without any user interaction.

Microsoft has released patches for Windows 7, Windows Server 2008, Windows XP and Windows Server 2003. Windows 7 and Windows Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA), and can also mitigate the threat by blocking TCP port 3389.
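
As an added example (not part of the original article and not Microsoft's code), the following PowerShell script reports the local state of the two mitigations above and can optionally apply them. The function names, the two switches and the firewall rule name are hypothetical; the registry values are the standard Terminal Server settings.

```powershell
# Added example: audit (and optionally apply) the NLA and port-block mitigations locally.
# Run from an elevated prompt. Written for PowerShell 2.0+ (Windows 7 / Server 2008).
param(
    [switch]$EnableNla,     # hypothetical switch: require NLA for RDP
    [switch]$BlockRdpPort   # hypothetical switch: block the RDP port inbound
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdpState {
    $policyNla = Get-RegValue $gpoKey 'UserAuthentication'
    $localNla  = Get-RegValue $rdpKey 'UserAuthentication'
    # A Group Policy value, when present, overrides the local setting.
    $effective = if ($policyNla -ne $null) { $policyNla } else { $localNla }
    $port      = Get-RegValue $rdpKey 'PortNumber'
    if (-not $port) { $port = 3389 }
    New-Object PSObject -Property @{
        RdpEnabled     = ((Get-RegValue $tsKey 'fDenyTSConnections') -eq 0)
        NlaRequired    = ($effective -eq 1)
        NlaSetByPolicy = ($policyNla -ne $null)
        Port           = $port
    }
}

$state = Get-RdpState
$state | Format-List

if ($EnableNla -and -not $state.NlaRequired) {
    if ($state.NlaSetByPolicy) {
        Write-Warning 'NLA is turned off by Group Policy; change the policy instead.'
    } else {
        Set-ItemProperty -Path $rdpKey -Name 'UserAuthentication' -Value 1
        Write-Output 'UserAuthentication set to 1 (NLA required).'
    }
}

if ($BlockRdpPort) {
    # This blocks ALL inbound RDP to this host, administrators included.
    netsh advfirewall firewall add rule name="Block-Inbound-RDP" `
        dir=in action=block protocol=TCP localport=$($state.Port)
}
```

Run without switches, the script only reports; a host showing `RdpEnabled : True` with `NlaRequired : False` is the configuration the article describes as open to unauthenticated attack until it is patched.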

Many experts have been able to identify BlueKeep-based network attacks, but there is no mature PoC yet.

Chaouki Bekrar, founder of the zero-day acquisition platform Zerodium, found that BlueKeep can be exploited remotely without any authentication.

"We have confirmed that the Windows Pre-Auth RDP vulnerability (CVE-2019-0708) recently patched by Microsoft could be exploited maliciously. Without authentication, an attacker can operate remotely and get SYSTEM privileges on Windows Srv 2008, Win 7, Win 2003 and XP. Enabling NLA can mitigate the vulnerability to some extent. It is best to patch immediately," Bekrar tweeted.

On Saturday, threat intelligence firm GreyNoise began detecting scanning activity by hackers. Its founder, Andrew Morris, said attackers are using a Metasploit module detected by RiskSense to scan the Internet for hosts vulnerable to BlueKeep exploits. He tweeted on Saturday: "This activity has been observed only from Tor exit nodes and may be carried out by a hacker."

So far these are only scans, not actual exploitation attempts. However, at least one hacker has invested considerable time and effort in compiling a list of vulnerable devices in preparation for an actual attack. At least six companies have disclosed that they have developed exploits for BlueKeep, and at least two very detailed write-ups of the vulnerability can be found on the Internet, so it is only a matter of time before hackers develop exploits of their own.

Source: cnBeta

Origin www.oschina.net/news/107083/windows-bluekeep