CONFERENCE Cyber AI & Automation Summit - NOW LIVE
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Microsoft Reminds Users to Patch Wormable ‘BlueKeep’ Vulnerability

Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation.

Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation.

The vulnerability affects Windows Remote Desktop Services (RDS) and it was addressed by Microsoft with its May 2019 Patch Tuesday updates. The flaw has been described by the company as wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit.

An unauthenticated attacker can use the weakness to execute arbitrary code and take control of a device without any user interaction. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

The company on Thursday reminded users to update their systems after a researcher reported detecting nearly one million vulnerable devices exposed to the internet.

“Many more within corporate networks may also be vulnerable,” Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC), said in a blog post. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.”

The company says it’s “confident that an exploit exists for this vulnerability” and that even though a worm has yet to be seen, it does not mean that a piece of malware will not eventually incorporate an exploit for CVE-2019-0708.

“Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible,” Pope said. “It is possible that we won’t see this vulnerability incorporated into malware. But that’s not the way to bet.”

Microsoft has pointed out that the WannaCry ransomware, which caused significant damage to organizations worldwide, successfully used the EternalBlue exploit nearly two months after the company released a patch.

Advertisement. Scroll to continue reading.

Several cybersecurity firms and researchers claim to have already developed proof-of-concept (PoC) exploits for the BlueKeep vulnerability, including ones that achieve remote code execution. Some partial PoC exploits have been made public and at least two organizations reported seeing scanning activity targeting CVE-2019-0708.

Organizations have been warned that the vulnerability poses a risk not only to IT networks, but also to industrial and healthcare environments.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.