Today, a look at the vulnerability CVE-2019-0708 (BlueKeep) in Windows Remote Desktop Services, for which Microsoft released updates from Windows XP to Windows 7 on May 14, 2019.
I have reported on the BlueKeep vulnerability CVE-2019-0708 in several blog posts. An explanation of the vulnerability can be found in the blog post Critical update for Windows XP up to Windows 7 (May 2019). There is a patch, but it has not been installed on all systems. Here is a short inventory.
No exploitation so far
First, a look at the question of whether BlueKeep is being exploited. Security researcher Kevin Beaumont has been running a honeypot for some time now and has posted a status update in the following tweet.
This is still up and running, no sign of blue screens or exploitation. Plenty of RDP bruteforce, as @SophosLabs have discovered too :D pic.twitter.com/5hlvfMnQRq
— Kevin Beaumont (@GossiTheDog) July 17, 2019
He has observed a lot of brute-force attacks against the honeypot's RDP access. But he has not yet seen an exploit that triggers a blue screen on the target system, or even an exploit that bypasses the RDP login. It is still possible to give an 'all-clear' regarding the exploitation of the vulnerability.
Tenable: Probably still 800,000 systems unpatched
A few days ago, security provider Tenable sent me a statement that many systems are still unpatched.
"Recent estimates show that over 800,000 systems are still vulnerable to the BlueKeep vulnerability – almost two months after patches were deployed. Although the number of unpatched systems has decreased since May, that's not enough. While there is a lot of panic in the security industry, this is not the case – companies and users should not just dismiss BlueKeep as the next 'hype'. The vulnerability is too dangerous for that: BlueKeep has the best prerequisites to become the next WannaCry or NotPetya. Our urgent appeal: 'Patch!'"
Are my systems patched?
Administrators who are wondering how to scan their systems for the BlueKeep vulnerability can find help. In my blog post How To: BlueKeep-Check for Windows, I looked at how a system can be scanned both locally for installed patches and on a network for vulnerabilities.
Similar articles
A threat actor scans Windows systems for BlueKeep vulnerability
BlueKeep: Windows Remote Desktop Services vulnerability exploits status
Critical update for Windows XP up to Windows 7 (May 2019)
Nearly 1 million Windows machines with BlueKeep vulnerability
BlueKeep vulnerability: Microsoft warns about a wormable malware epidemic
BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor
How To: BlueKeep-Check for Windows