Patch now! Why the BlueKeep vulnerability is a big deal

Discussion in 'other security issues & news' started by Minimalist, May 22, 2019.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,252
    Location:
    Here
    https://www.welivesecurity.com/2019/05/22/patch-now-bluekeep-vulnerability/
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    73,121
    Location:
    Texas
    Why a Windows flaw patched nine days ago is still spooking the Internet
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    Intense scanning activity detected for BlueKeep RDP flaw
    A threat actor hidden behind Tor nodes is scanning for Windows systems vulnerable to BlueKeep flaw
    May 26, 2019

    https://www.zdnet.com/article/intense-scanning-activity-detected-for-bluekeep-rdp-flaw/
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,252
    Location:
    Here
    Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

    https://thehackernews.com/2019/05/bluekeep-rdp-vulnerability.html
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    Microsoft issues second warning about patching BlueKeep as PoC code goes public
    Time's running out on patching older systems against the BlueKeep vulnerability
    May 31, 2019

    https://www.zdnet.com/article/micro...ut-patching-bluekeep-as-poc-code-goes-public/
    Microsoft: A Reminder to Update Your Systems to Prevent a Worm
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    Even the NSA is urging Windows users to patch BlueKeep (CVE-2019-0708)
    NSA issues ominous security advisory after Microsoft published two similar warnings last month
    June 4, 2019

    https://www.zdnet.com/article/even-the-nsa-is-urging-windows-users-to-patch-bluekeep-cve-2019-0708/
    NSA: NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    MetaSploit Module Created for BlueKeep Flaw, Private for Now
    June 5, 2019
    https://www.bleepingcomputer.com/ne...le-created-for-bluekeep-flaw-private-for-now/
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,179
    Location:
    DC Metro Area
    "Warnings of world-wide worm attacks are the real deal, new exploit shows

    Latest Metasploit module is being kept private, but time is running out.

    For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal...

    The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid May. At about 14 seconds, a Metasploit payload called Meterpreter uses the getuid command to prove that the connection has highly privileged System privileges. In the remaining six seconds, the hacker uses the open source Mimikatz application to obtain the cryptographic hashes of passwords belonging to other computers on the same network the hacked machine is connected to.

    It’s these last six seconds that underscore the danger posed by the vulnerability,..."

    https://arstechnica.com/information...-shows-the-wormable-danger-is-very-very-real/
     
  9. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    Avast Business report may help explain why users are resisting Microsoft’s BlueKeep patch
    June 12, 2019
    https://blog.avast.com/avast-report-bluekeep-patch
    Avast Business Report: (PDF - 575 KB): https://press.avast.com/hubfs/media-materials/kits/Avast%20Business%20Patch%20Management/Patch%20Inertia%20Report-SMBs.pdf?hsLang=en
     
  10. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    Organizations urged to patch for BlueKeep as latest malware charts are revealed
    June 13, 2019
    https://betanews.com/2019/06/13/patch-bluekeep-malware-charts/
    Check Point: May 2019’s Most Wanted Malware: Patch Now to Avoid the BlueKeep Blues
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,252
    Location:
    Here
    There's a lot more to patching security vulnerabilities than you might think
    https://www.cyberscoop.com/patching-vulnerability-plan-microsoft-equifax-linkedin/
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    BlueKeep PoC demonstrates risk of Remote Desktop exploit
    July 1, 2019
    https://news.sophos.com/en-us/2019/07/01/bluekeep-poc-demonstrates-risk-of-remote-desktop-exploit/
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,789
    Location:
    Among the gum trees
    https://www.abc.net.au/news/2019-07...ity-bluekeep-and-cyber-security-risk/11277270
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,252
    Location:
    Here
    From exploits to honeypots: How the security community is preparing for BlueKeep’s moment of truth
    https://www.cyberscoop.com/bluekeep-removal-remote-desktop-wannacry-notpetya/
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,252
    Location:
    Here
    More than 805,000 systems are still exposed to BlueKeep, study finds
    https://www.cyberscoop.com/bluekeep-patching-study-bitsight/
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,252
    Location:
    Here
    Why Microsoft’s BlueKeep Bug Hasn’t Wreaked Havoc—Yet
    https://www.wired.com/story/bluekeep-worm-windows/
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.