{"id":10519,"date":"2019-07-22T00:15:00","date_gmt":"2019-07-21T22:15:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=10519"},"modified":"2019-07-19T22:59:30","modified_gmt":"2019-07-19T20:59:30","slug":"windows-wie-stehts-um-die-bluekeep-schwachstelle-im-juli-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/07\/22\/windows-wie-stehts-um-die-bluekeep-schwachstelle-im-juli-2019\/","title":{"rendered":"Windows: What about the BlueKeep vulnerability in July 2019?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=220785\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] Today, a look at the vulnerability CVE-2019-0708 (BlueKeep) in Windows Remote Desktop Services, for which Microsoft released updates for Windows XP through Windows 7 on May 14, 2019. <\/p>\n<p>I have reported on the BlueKeep vulnerability CVE-2019-0708 in several blog posts. An explanation of the vulnerability can be found in the blog post <a href=\"https:\/\/borncity.com\/win\/2019\/05\/15\/critical-update-for-windows-xp-up-to-windows-7-may-2019\/\">Critical update for Windows XP up to Windows 7 (May 2019)<\/a>. There is a patch, but it has not been installed on all systems. Here is a brief status check.<\/p>\n<h2>No exploitation so far<\/h2>\n<p>First, a look at the question of whether BlueKeep is being exploited. 
Security researcher Kevin Beaumont has been running a honeypot for some time now and posted a status update in the following tweet.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">This is still up and running, no sign of blue screens or exploitation. Plenty of RDP bruteforce, as <a href=\"https:\/\/twitter.com\/SophosLabs?ref_src=twsrc%5Etfw\">@SophosLabs<\/a> have discovered too :D <a href=\"https:\/\/t.co\/5hlvfMnQRq\">pic.twitter.com\/5hlvfMnQRq<\/a><\/p>\n<p>\u2014 Kevin Beaumont (@GossiTheDog) <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1151510296302931969?ref_src=twsrc%5Etfw\">July 17, 2019<\/a><\/p><\/blockquote>\n<p>He has seen a lot of brute-force attacks on the honeypot's RDP access. But he hasn't yet seen an exploit that triggers a blue screen on the target system, or even an exploit that bypasses the RDP login. So for now it is still possible to give an 'all-clear' regarding exploitation of the vulnerability.<\/p>\n<h2>Tenable: Probably still 800,000 systems unpatched<\/h2>\n<p>A few days ago, security vendor Tenable sent me a statement saying that many systems are still unpatched. <\/p>\n<blockquote>\n<p>\"Recent estimates show that over 800,000 systems are still vulnerable to the BlueKeep vulnerability &#8211; almost two months after patches were deployed. Although the number of unpatched systems has decreased since May, that's not enough. While there is a lot of panic in the security industry, this is not the case &#8211; companies and users should not just dismiss BlueKeep as the next 'hype'. The vulnerability is too dangerous for that: BlueKeep has the best prerequisites to become the next WannaCry or NotPetya. 
Our urgent appeal: Patch!\"<\/p>\n<\/blockquote>\n<h2>Are my systems patched?<\/h2>\n<p>Administrators who are wondering how to scan their systems for the BlueKeep vulnerability can find help. In my blog post <a href=\"https:\/\/borncity.com\/win\/2019\/06\/06\/how-to-bluekeep-check-for-windows\/\">How To: BlueKeep-Check for Windows<\/a>, I looked at how a system can be scanned both locally for installed patches and on a network for vulnerabilities. <\/p>\n<p><strong>Similar articles<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/05\/28\/angreifer-scannen-windows-systeme-auf-bluekeep-lcke\/\">A threat actor scans Windows systems for BlueKeep vulnerability<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/05\/21\/bluekeep-watch-the-windows-remote-desktop-services-vulnerability\/\">BlueKeep: Windows Remote Desktop Services vulnerability exploits status<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/05\/15\/critical-update-for-windows-xp-up-to-windows-7-may-2019\/\">Critical update for Windows XP up to Windows 7 (May 2019)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/05\/29\/nearly-1-million-windows-machines-with-bluekeep-vulnerability\/\">Nearly 1 million Windows machines with BlueKeep vulnerability<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/06\/01\/bluekeep-vulnerability-microsoft-warns-about-a-wormable-malware-epedemia\/\">BlueKeep vulnerability: Microsoft warns about a wormable malware epedemia<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/06\/03\/bluekeep-patch-for-pirated-copies-ssl-tunnel-as-a-risk-factor\/\">BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/06\/06\/how-to-bluekeep-check-for-windows\/\">How To: BlueKeep-Check for Windows<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Today, a look at the vulnerability CVE-2019-0708 (BlueKeep) in Windows Remote Desktop 
Services, for which Microsoft released updates from Windows XP to Windows 7 on May 14, 2019.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[2047,194],"class_list":["post-10519","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-secutiy","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=10519"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10519\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=10519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=10519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=10519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}