{"id":10543,"date":"2019-07-23T07:37:15","date_gmt":"2019-07-23T05:37:15","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=10543"},"modified":"2019-07-23T07:41:21","modified_gmt":"2019-07-23T05:41:21","slug":"bluekeep-warning-exploit-might-come-soon","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/07\/23\/bluekeep-warning-exploit-might-come-soon\/","title":{"rendered":"BlueKeep warning: Exploit might come soon?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" height=\"58\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/07\/23\/bluekeep-warnung-exploit-drfte-bald-kommen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Another warning &#8211; after someone posted a slide deck on the BlueKeep vulnerability to GitHub, it should not be long before a working exploit appears in the wild.<\/p>\n<p><!--more--><\/p>\n<p>Nothing is as old as yesterday's news. Only a few hours ago I wrote in the article <a href=\"https:\/\/borncity.com\/win\/2019\/07\/22\/windows-wie-stehts-um-die-bluekeep-schwachstelle-im-juli-2019\/\">Windows: What about the BlueKeep vulnerability in July 2019?<\/a> that so far no exploit was publicly known that abuses the BlueKeep vulnerability on unpatched systems. 
This is likely to change soon.<\/p>\n<h2>Slides of a public presentation<\/h2>\n<p>At a security conference held in Beijing a few days ago, a speaker discussed the Remote Desktop Services vulnerability CVE-2019-0708 (BlueKeep) and presented an approach for a working exploit.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p dir=\"ltr\" lang=\"en\">At a security conference held in Beijing two days ago, someone talked about how to exploit CVE-2019-0708 (BlueKeep). Here are the slides: <a href=\"https:\/\/t.co\/0xdRqy2Ufy\">https:\/\/t.co\/0xdRqy2Ufy<\/a> <a href=\"https:\/\/t.co\/M6hnzf8oXc\">pic.twitter.com\/M6hnzf8oXc<\/a><\/p>\n<p>\u2014 hjy (@hjy79425575) <a href=\"https:\/\/twitter.com\/hjy79425575\/status\/1153122074891653120?ref_src=twsrc%5Etfw\">July 22, 2019<\/a><\/p><\/blockquote>\n<p>The slides then found their way to Dropbox and are now also available on GitHub.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p dir=\"ltr\" lang=\"en\">BlueKeep Warning: someone published a slide deck explaining how to turn the crash PoC into RCE. I expect we'll likely see widespread exploitation soon.<a href=\"https:\/\/t.co\/MG2IZfy5B5\">https:\/\/t.co\/MG2IZfy5B5<\/a><\/p>\n<p>\u2014 MalwareTech (@MalwareTechBlog) <a href=\"https:\/\/twitter.com\/MalwareTechBlog\/status\/1153383956621869056?ref_src=twsrc%5Etfw\">July 22, 2019<\/a><\/p><\/blockquote>\n<p>The previously public proof-of-concept (PoC) code could at most crash the vulnerable Windows system (a denial of service); it could not execute code on it. 
In the tweet above, MalwareTech expects that the now-public slides will soon lead to an exploit that allows remote code execution (RCE) on unpatched systems.<\/p>\n<h2>The BlueKeep vulnerability<\/h2>\n<p>I have covered the BlueKeep vulnerability CVE-2019-0708 in several blog posts. An explanation of the vulnerability can be found in the blog post <a href=\"https:\/\/borncity.com\/win\/2019\/05\/15\/critical-update-for-windows-xp-up-to-windows-7-may-2019\/\">Critical update for Windows XP up to Windows 7 (May 2019)<\/a>.<\/p>\n<p>There is a patch, but it has not been installed on all systems. It is currently estimated that approximately 800,000 systems are still unpatched and reachable from the Internet. In my blog post <a href=\"https:\/\/borncity.com\/win\/2019\/06\/06\/how-to-bluekeep-check-for-windows\/\">How To: BlueKeep-Check for Windows<\/a>, I explained how a system can be checked locally for the installed patches and how a network can be scanned for vulnerable hosts.<\/p>\n<p><strong>Similar articles<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/05\/28\/angreifer-scannen-windows-systeme-auf-bluekeep-lcke\/\">A threat actor scans Windows systems for BlueKeep vulnerability<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/05\/21\/bluekeep-watch-the-windows-remote-desktop-services-vulnerability\/\">BlueKeep: Windows Remote Desktop Services vulnerability exploits status<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/05\/15\/critical-update-for-windows-xp-up-to-windows-7-may-2019\/\">Critical update for Windows XP up to Windows 7 (May 2019)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/05\/29\/nearly-1-million-windows-machines-with-bluekeep-vulnerability\/\">Nearly 1 million Windows machines with BlueKeep vulnerability<\/a><br \/>\n<a 
href=\"https:\/\/borncity.com\/win\/2019\/06\/01\/bluekeep-vulnerability-microsoft-warns-about-a-wormable-malware-epedemia\/\">BlueKeep vulnerability: Microsoft warns about a wormable malware epedemia<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/06\/03\/bluekeep-patch-for-pirated-copies-ssl-tunnel-as-a-risk-factor\/\">BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/06\/06\/how-to-bluekeep-check-for-windows\/\">How To: BlueKeep-Check for Windows<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Another warning &#8211; after someone posted a slide deck on the BlueKeep vulnerability to GitHub, it should not be long before a working exploit appears in the wild.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[1965,69,194],"class_list":["post-10543","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-bluekeep","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=10543"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10543\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=10543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=10543"},{"taxonomy":"po
st_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=10543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
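The post points to the separate how-to for checking whether a machine still lacks the May 2019 fix. The following PowerShell is an added example (it is not code from the original post or from the linked how-to) of that local check on the affected Windows versions: it confirms the build is one that is affected, looks for the fixing updates, and reports whether RDP is listening and whether Network Level Authentication (NLA) is enforced. The KB numbers in the list are an assumption taken from Microsoft's May 2019 updates for CVE-2019-0708 and should be verified against the Microsoft advisory for the exact OS and servicing branch in use; the function name `Test-BlueKeepExposure` and the status labels are this example's own.

```powershell
# Added example, not code from the original post: local BlueKeep (CVE-2019-0708)
# exposure check for Windows XP / Server 2003, Vista / Server 2008 and 7 / Server 2008 R2.
#
# Assumption: these are Microsoft's May 2019 updates that fix CVE-2019-0708
# (security-only and monthly rollup per OS family). Verify the IDs against the
# Microsoft advisory for the OS and servicing branch you actually run.
$BlueKeepKBs = @(
    'KB4499175', 'KB4499164',   # Windows 7 SP1 / Server 2008 R2 SP1 (security-only / rollup)
    'KB4499149', 'KB4499180',   # Windows Server 2008 SP2 (security-only / rollup)
    'KB4500331'                 # Windows XP / Server 2003 (out-of-band package)
)

function Test-BlueKeepExposure {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Only NT 6.1 (Windows 7 / 2008 R2) and earlier are affected;
    # Windows 8 (6.2) and later do not contain the vulnerable code path.
    $affectedBuild = [version]($os.Version) -lt [version]'6.2'

    # Installed updates as reported by Win32_QuickFixEngineering.
    $installedKBs = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    $fixesFound   = @($BlueKeepKBs | Where-Object { $installedKBs -contains $_ })

    # RDP listener state and NLA. With NLA enforced, an unauthenticated client
    # cannot reach the vulnerable pre-authentication channel handling, which
    # Microsoft listed as a partial mitigation. It is not a substitute for the patch.
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections `
                -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication `
                -ErrorAction SilentlyContinue).UserAuthentication

    $rdpEnabled = ($deny -eq 0)   # 0 = connections allowed, 1 = RDP disabled
    $nlaEnabled = ($nla -eq 1)    # 1 = NLA required

    # Verdict: exposed only if the build is affected, no fix is present,
    # RDP is listening and NLA is off. Everything unpatched still needs the update.
    $status = if (-not $affectedBuild)                  { 'NotAffected' }
              elseif ($fixesFound.Count -gt 0)           { 'Patched' }
              elseif ($rdpEnabled -and -not $nlaEnabled) { 'Vulnerable-Exposed' }
              elseif ($rdpEnabled)                       { 'Vulnerable-NLAOnly' }
              else                                       { 'Vulnerable-RDPDisabled' }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = $os.Version
        AffectedBuild = $affectedBuild
        FixesFound    = ($fixesFound -join ',')
        RdpEnabled    = $rdpEnabled
        NlaEnabled    = $nlaEnabled
        Status        = $status
    }
}

Test-BlueKeepExposure | Format-List
```

Two caveats before relying on the verdict. Monthly rollups are cumulative, so a host that received only a later rollup (June 2019 or newer) will not list the May IDs and would be reported as unpatched; extend `$BlueKeepKBs` with the rollups your update channel actually deployed, or confirm the fix through the version of the patched RDP driver. And `Vulnerable-NLAOnly` still means the vulnerable code is on the box: NLA only blocks unauthenticated attackers, and any client with valid credentials can still reach it. To run the same check across a fleet, wrap the function in `Invoke-Command -ComputerName` and collect the objects.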