Windows ‘BlueKeep’ Attack That U.S. Government Warned About Is Happening Right Now

Windows ‘BlueKeep’ Attack That U.S. Government Warned About Is Happening Right Now


(***********************************)(******************)(************************************)(*************************************)(************)(******)(**************************************)(******************)Microsoft, the NSA and even the U.S. Government warned Windows users to update: now the inevitable (***************************************)… (*)(**********)(****************************************) BlueKeep attack is underway.(**********)(************)(*************)(**************)SOPA Images/LightRocket via Getty Images(***************)(****************)(*****************)(******************)When Microsoft issued the first patch in years for Windows XP in May (*************************************************************), you knew that something big was brewing. That something was a wormable Windows vulnerability that security experts warned could have a similar impact as the (*****************************************)WannaCry worm(********************) from (**************************************************************). The (******************************************)BlueKeep vulnerability(********************) exists in unpatched versions of Windows Server (****************************************************************), Windows XP, Windows Vista, Windows 7, Windows Server (***************************************************************) and Windows Server (***************************************************************) R2: and it’s now been confirmed that a BlueKeep exploit attack is currently ongoing.(************)(**********************)A little bit of BlueKeep history(***********************)(******************)Microsoft twice (*******************************************)warned users to update vulnerable Windows systems(********************), first on May (************************************************************************), and then again with (********************************************)even more urgency on May (********************************************************************)(********************). Those warnings appeared to go unheeded in enough numbers to warrant an escalation on the update alerts. On June 4, the National Security Agency (NSA) took the unusual step of (*********************************************)publishing an advisory(********************) urging Microsoft Windows administrators to update their operating system or risk a “devastating” and “wide-ranging impact” in the face of a growing threat. This warning was given even more gravitas on June (**********************************************************************) when the U.S. Government, via the Cybersecurity and Infrastructure Security Agency (CISA), (**********************************************)issued an “update now” activity alert(********************). At much the same time, security researchers were predicting that a “devastating” BlueKeep exploit (***********************************************)was only weeks away(********************).(************)(**********************)The Windows BlueKeep exploit attack(***********************)(******************)Security researchers, including (************************************************)Kevin Beaumont(********************) who originally named the vulnerability and Marcus Hutchins ((*************************************************)also known as MalwareTech(********************)) who was responsible for hitting the kill switch that stopped the WannaCry, have confirmed that a widespread BlueKeep exploit attack is now currently underway. (**************************************************)Hutchins told Wired(********************) that “BlueKeep has been out there for a while now. But this is the first instance where I’ve seen it being used on a mass scale.” (************)(******************)It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable unpatched Windows systems that have Remote Desktop Services (RDP) (***********************************************************) ports exposed to the internet. This dampens the panic that there could be another WannaCry about to happen, although the potential for such a scenario, albeit on a much smaller scale, certainly remains. For now though, this looks like being an attack campaign with a cryptocurrency miner payload. (************)(**********************)BlueKeep exploit attack mitigation(***********************)(******************)While there is always the possibility that the threat actors behind this attack could drop more malicious payloads than a crypto-miner, for now, this acts as yet another warning for users of the (*******************************************************************),(*********************************************************************************) or so still vulnerable Windows systems to get patching. Cryptocurrency miners are resource hogs at best, and a roadmap that further malware installations could follow. In the case of this attack, though, there’s another problem to be aware of: the exploit code isn’t all that. It would appear that the attackers are using the (***************************************************)demo exploit code released by the Metasploit team(********************) at Rapid7 in September (*************************************************************), but without enough coding skills to get this to work without it (****************************************************)causing a Blue Screen of Death (BSOD)(********************) error. (************)(******************)Seriously folks, if you are using one of the vulnerable versions of Windows, then what more is it going to take to get you to apply the update that fixes the BlueKeep vulnerability? I’d have thought that a wormable exploit, even if it hasn’t been “wormed” on this occasion, that vampires your system resources or crashed your machine was warning enough. But, hey, what do I know?(************)(*****)(*****************************************************)(******************************************************)Read More(********************)

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.