Microsoft warns BlueKeep could be as bad as WannaCry

In mid-May, Microsoft took the unusual step of issuing a security patch for long-discontinued operating systems such as Windows XP and Server 2003.

Now Microsoft has joined the call to action, asking IT admins to urgently patch their devices.

The fix for the vulnerability was released on May 14, so users may not have updated yet. "It is possible that we won't see this vulnerability incorporated into malware", Microsoft warns. "If we look at the events leading up to the start of the WannaCry attacks, they serve to inform the risks of not applying fixes for this vulnerability in a timely manner". This new BlueKeep flaw hasn't yet been publicly disclosed, but that doesn't mean there won't be malware. A number of code samples have, however, been uploaded to GitHub, though these mostly appear to be trolls.

Microsoft on Thursday again issued advice that its May security patches should be installed to prevent a "wormable" vulnerability (CVE-2019-0708) in Remote Desktop Services (RDS) from getting exploited by attackers. "Microsoft is confident that an exploit exists for this vulnerability", warns Simon Pope, director of incident response at Microsoft's Security Response Center (MSRC). Newer versions of Windows, including Windows 8 and Windows 10, are not affected.

Pope notes that it was almost two months after the release of patches for the previous EternalBlue exploit when WannaCry attacks began, and despite having 60 days to patch systems, a lot of machines were still infected.

Robert Graham, chief of Errata Security, an offensive security research company, and author of the Internet scanning tool Masscan, recently posted a study giving the most accurate statistic so far on the total number of Windows PCs that remain vulnerable to BlueKeep attacks.

Because of the great damage a virus could cause if this vulnerability is exploited, Microsoft has issued a second notification to Windows users. That may just be the tip of the iceberg: a vulnerable machine could act as a gateway into internal networks where there are more wormable systems.

An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. While there is not yet any sign of a worm that exploits the vulnerability, proofs of concept do exist, and it could only be a matter of time before this changes.
