First Bluekeep Exploit Found in the Wild
Crashing honeypots alerted the researcher who found the Bluekeep vulnerability.
Bluekeep, a remote code execution vulnerability in Microsoft's Remote Desktop Services, has been exploited in the wild. The vulnerability, designated CVE-2019-0708, was discovered earlier this year and patched in May. The critical vulnerability was considered so significant that Microsoft took the unusual step of issuing patches for out-of-support Windows versions in an attempt to stop exploitation.
Kevin Beaumont (@GossiTheDog), who discovered Bluekeep, found the exploit when his Bluekeep honeypots began crashing this past weekend. He shared his data with researcher Marcus Hutchins, who verified the results. In analyzing the code crashing the honeypots, Hutchins found the obfuscated payload ultimately installed a cryptocurrency miner on the victim system.
"It is curious that this publicly known wormable vulnerability, known to everyone who would care to know for at least six months, took this long to get detectably weaponized," Hutchins wrote in a blog post sharing the exploit's analysis.
And while the vulnerability has been patched, the patch must be applied to be effective. "According to BinaryEdge, there are over 700,000 vulnerable systems that are publicly accessible, including over 100,000 in the United States alone. The risks here cannot be overstated — organizations must patch their systems immediately," says Satnam Narang, senior research engineer at Tenable.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024