Microsoft has issued another warning about the need to patch the BlueKeep vulnerability (CVE-2019-0708), citing the mass exploitation attempts that began on October 23, which made immediate patching all the more urgent.
The attack was first identified on November 2, but the attacker was unable to exploit the vulnerability reliably. The threat actor appears to have limited skill and launched the campaign to deploy cryptocurrency-mining malware on the compromised machines. Microsoft warned that things could get worse.
The first mass exploitation attempt drew considerable media attention, but it seems to have had little effect on how seriously patching is being taken. A scan by the SANS Institute found that the rate of patching barely changed after the attack. Microsoft released the patch in May and the number of unpatched devices has fallen since then, but many devices remain exploitable by BlueKeep.
Although the attack was widespread, it had little success: in most cases the exploit failed and the targeted devices simply crashed. A more skilled threat actor who exploited the vulnerability successfully could connect to a vulnerable device over RDP without any user interaction and execute arbitrary code on it. That would allow the attacker to access, modify and steal data, install malware, and launch attacks against other unpatched devices on the same network, including those that are not exposed to the internet.
In 2017, security researcher Marcus Hutchins discovered and activated the 'kill switch' that halted the spread of the WannaCry ransomware. He now cautions that a ransomware attack could cause major disruption even without a worm component, because the vulnerable devices are servers.
Microsoft said that although this attack did little damage, more effective exploits could be developed and used in mass attacks against vulnerable devices. Customers need to identify and update all vulnerable devices immediately.
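As an added example (not code from the article, from Microsoft or from any of the researchers mentioned), the following PowerShell snippet triages a single Windows host for the conditions that make it a BlueKeep target: an affected OS version (Windows 7 / Server 2008 R2 and older; Windows 8 and later are not affected), RDP enabled, the fix not installed, and Network Level Authentication (NLA) disabled. NLA is the mitigation Microsoft recommended for hosts that cannot be patched yet, because the flaw is reachable before authentication. The `$RequiredKB` value is an assumption: it is a placeholder that must be replaced with the KB number the CVE-2019-0708 advisory lists for this host's OS and servicing branch.

```powershell
# Added example, not from the original article.
# Triage the local host for BlueKeep (CVE-2019-0708) exposure.

# ASSUMPTION: placeholder. Fill in the KB for this host's OS from the
# CVE-2019-0708 advisory; each affected OS has its own update.
$RequiredKB = 'KB0000000'

# Get-WmiObject rather than Get-CimInstance so this also runs on
# Windows 7 / Server 2008 hosts with an old PowerShell version.
$os    = Get-WmiObject Win32_OperatingSystem
$build = [version]$os.Version

# Windows 7 / Server 2008 R2 report 6.1; Windows 8 (6.2) and later are not affected.
$affectedOs = $build -lt [version]'6.2'

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$rdpEnabled = (Get-ItemProperty $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means NLA is required before a session is created.
$nla = (Get-ItemProperty "$ts\WinStations\RDP-Tcp" -Name UserAuthentication).UserAuthentication -eq 1

# Get-HotFix returns nothing (and no error) when the update is absent.
$patched = [bool](Get-HotFix -Id $RequiredKB -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Host       = $env:COMPUTERNAME
    OSVersion  = $os.Version
    AffectedOS = $affectedOs
    RDPEnabled = $rdpEnabled
    NLAEnabled = $nla
    PatchFound = $patched
    # Unpatched affected OS with RDP on: needs the update regardless of NLA.
    NeedsPatch = $affectedOs -and $rdpEnabled -and -not $patched
    # Same, but also reachable pre-auth: patch or enable NLA today.
    Urgent     = $affectedOs -and $rdpEnabled -and -not $patched -and -not $nla
}
```

Run it under an account that can read HKLM and the hotfix list, or wrap it in `Invoke-Command` against an inventory of hosts to produce a fleet-wide table. Treat `NLAEnabled = $true` as a stopgap only: NLA blocks the unauthenticated path the worm-style attacks use, but an attacker holding valid credentials can still reach the vulnerable code, so `NeedsPatch` hosts still need the update.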