Microsoft warns users to stay alert for more BlueKeep attacks

Microsoft: BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.

Microsoft’s security team believes that more destructive BlueKeep attacks are on the horizon and urges users and companies alike to apply patches if they’ve been lagging.

The company’s warning comes after security researchers detected the first-ever malware campaign that weaponized the BlueKeep vulnerability.

The attacks, which were detected last weekend, used BlueKeep to break into unpatched Windows systems and install a cryptocurrency miner.

Many security researchers considered the attacks underwhelming and not living up to the hype that was built around BlueKeep for the past six months.

This was because Microsoft said BlueKeep could be used to build wormable (self-spreading) malware. However, the attacks that happened over the weekend did not deploy malware that could spread on its own.

Instead, attackers scanned the internet for vulnerable systems and attacked each unpatched system, one at a time, deploying a BlueKeep exploit, and then the cryptocurrency miner.

This was far from the self-spreading malware outbreak that Microsoft said BlueKeep could trigger. Furthermore, in many cases, the BlueKeep exploit failed to work, crashing systems.

But Microsoft says this is just the beginning, and that attackers will eventually refine their attacks, and that the worst is yet to come.

“While there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners,” Microsoft said today. “We cannot discount enhancements that will likely result in more effective attacks.”

Now, Microsoft is warning and urging users to apply patches — for the third time this year.

“Customers are encouraged to identify and update vulnerable systems immediately,” the company said. “Many of these unpatched devices could be unmonitored RDP appliances placed by suppliers and other third-parties to occasionally manage customer systems. BlueKeep can be exploited without leaving obvious traces, customers should also thoroughly inspect systems that might already be infected or compromised.”

THE BLUEKEEP LOWDOWN

Because there’s been a flood of BlueKeep-related coverage this year, below is a summary of what you need to know. Just the essentials:

BlueKeep is a nickname given to CVE-2019-0708, a vulnerability in the Microsoft RDP (Remote Desktop Protocol) service.
BlueKeep impacts only: Windows 7, Windows Server 2008 R2, Windows Server 2008.
Patches have been available since mid-May 2019. See official Microsoft advisory.
On the same day it released patches, Microsoft published a blog post warning about BlueKeep being wormable.
Microsoft issued a second warning about orgs needing to patch BlueKeep, two weeks later, at the end of May.
The US National Security Agency, the US Department of Homeland Security, Germany’s BSI cyber-security agency, the Australian Cyber Security Centre, and the UK’s National Cyber Security Centre have all issued their own security alerts, trying to get companies to patch outdated computer fleets.
Many security researchers and cyber-security firms developed fully-working BlueKeep exploits over the summer; however, nobody published the code after realizing how dangerous the exploit was, and fearing that it could be abused by malware authors.
In July, a US company started selling a private BlueKeep exploit to its customers, so they could test if their systems were vulnerable.
In September, the developers of the Metasploit penetration testing framework published the first public BlueKeep proof-of-concept exploit.
In late October, malware authors started using this BlueKeep Metasploit module in a real-world campaign. Microsoft has an article about this malware campaign here.
According to BinaryEdge, there are roughly 700,000 internet-connected Windows systems that are vulnerable to BlueKeep, and have yet to receive patches.

You can also visit www.reimageplus.com if you are someone who needs assistance with your computer.

Source: https://www.zdnet.com/article/microsoft-warns-users-to-stay-alert-for-more-bluekeep-attacks/

Tags: Bluekeep Microsoft

10 Comments

gmail sign up Reply

November 12, 2019 at 6:36 pm

blue keep is really a dangerous malware and getting in wrong hands will lead it into mass destruction, thanks for the awareness you spread and great write up keep it up..
- Matthew.England Reply
  
  November 12, 2019 at 6:53 pm
  
  Hi,
  
  We appreciate that you like our blog post.
  We’ll be posting more interesting topics that you will surely enjoy.
  
  You may also want to visit our website, http://www.reimageplus.com
  
  Best Regards,
  Matthew England
http://tinyurl.com/quest-bars-cheap-29875 Reply

November 23, 2019 at 1:40 pm

Hey very nice blog!
http://tinyurl.com/w34b9z9 Reply

November 24, 2019 at 9:18 pm

I read this post completely concerning the difference of most
up-to-date and previous technologies, it’s remarkable article.
plenty of fish dating site Reply

November 26, 2019 at 3:59 am

Great article.
- Kylee.Campanella Reply
  
  November 26, 2019 at 5:17 am
  
  Hello,
  
  Thank you for your feedback!
  
  Regards,
  Kylee
mobile legends Reply

December 3, 2019 at 7:38 pm

Post writing is also a fun, if you be familiar with after that you
can write if not it is difficult to write.
- Kerry.Hershey Reply
  
  December 3, 2019 at 8:38 pm
  
  Thank you.
  
  Best Regards,
  Kerry Hershey
yahoo mail Reply

January 18, 2020 at 3:13 pm

Thanks for sharing the information. It really helps me out. Love your blog.
- Matthew.England Reply
  
  January 20, 2020 at 4:47 am
  
  Hi,
  
  Thank you for your feedback.
  
  Watch out for more interesting articles.
  
  Regards,
  Matthew