BlueKeep - again: U.S. Government Announces 'Critical' Warning For Microsoft Windows Users
Source: Forbes
Jun 18, 2019, 04:06am
U.S. Government Announces 'Critical' Warning For Microsoft Windows Users
Davey Winder Contributor
The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has gone public with a warning to Microsoft Windows users regarding a critical security vulnerability. By issuing the "update now" warning, CISA has joined the likes of Microsoft itself and the National Security Agency (NSA) in warning Windows users of the danger from the BlueKeep vulnerability.
This latest warning, and many would argue the one with most gravitas, comes hot on the heels of Yaniv Balmas, the global head of cyber research at security vendor Check Point, telling me in an interview for SC Magazine UK that "it's now a race against the clock by cyber criminals which makes this vulnerability a ticking cyber bomb." Balmas also predicted that it will only be "a matter of weeks" before attackers start exploiting BlueKeep.
The CISA alert appears to confirm this, stating that it has "coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep." Confirmed remote code execution on Windows 2000 might not sound too frightening, since this is an old operating system after all, but it would be unwise to classify this as an exercise in fear, uncertainty and doubt. Until now, the exploits that have been developed, at least those seen in operation, did nothing more than crash the computer. Achieving remote code execution brings the specter of a BlueKeep worm into view, because it hands control of infected machines to the attacker.
Research has already revealed that just under one million internet-facing machines are vulnerable to BlueKeep on port 3389, the port used by the Microsoft Remote Desktop feature. But that's just the tip of this insecurity iceberg. These are a million gateways to potentially many millions more machines that sit on the internal networks they lead to. A wormable exploit can move laterally within such a network, rapidly spreading to anything and everything it can infect in order to replicate. Here's the real stinger: that can include machines in an Active Directory domain even if they have no BlueKeep vulnerability to exploit. The machine running the vulnerable Remote Desktop Protocol is merely the gateway; once it is compromised, the clever money is on an incident that could become as widespread as WannaCry was back in 2017.
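The practical takeaway from the paragraph above is an inventory question: which hosts expose port 3389, which of those run an affected Windows version without the fix, and which are reachable from the internet versus only from inside the network the article calls the "gateway" problem. The following is an added example, not code from the article or from CISA, that ranks a small constructed inventory by that exposure. The host names, the list of affected Windows versions and the `rdp_patched` flag are assumptions used for illustration; the patch state would in practice come from your patch management system rather than a hand-maintained flag.

```python
"""
Rank hosts by BlueKeep exposure from a constructed inventory.

Added example, not from the Forbes article or CISA. Host names, OS labels
and the patch flag below are constructed for illustration.
"""
from dataclasses import dataclass, field

RDP_PORT = 3389  # Remote Desktop listener, as named in the article

# Assumed scope: Windows 2000 (named in the CISA alert) plus the older
# Windows lineage Microsoft issued fixes for. Treat as an assumption and
# replace with your vendor's affected-version list.
AFFECTED_OS = {
    "Windows 2000", "Windows XP", "Windows 7",
    "Windows Server 2003", "Windows Server 2008", "Windows Server 2008 R2",
}


@dataclass
class Host:
    name: str
    os: str
    listening_ports: set = field(default_factory=set)
    internet_facing: bool = False
    rdp_patched: bool = False  # placeholder: whether the RDP fix is installed


def triage(host):
    """Classify one host into a remediation tier."""
    if RDP_PORT not in host.listening_ports:
        return "not-exposed"
    if host.os not in AFFECTED_OS or host.rdp_patched:
        # RDP is reachable but this bug does not apply; it is still a
        # lateral-movement path once any gateway falls, so keep watching it.
        return "monitor"
    if host.internet_facing:
        # The gateway case the article describes: unpatched, affected OS,
        # reachable from the internet.
        return "critical"
    # Internal-only: not reachable directly, but a worm that lands on a
    # gateway can reach it next.
    return "high"


def rank(hosts):
    """Return (name, tier) pairs, most urgent first, then by name."""
    order = {"critical": 0, "high": 1, "monitor": 2, "not-exposed": 3}
    return sorted(((h.name, triage(h)) for h in hosts),
                  key=lambda pair: (order[pair[1]], pair[0]))


def count_internet_facing_vulnerable(hosts):
    """How many gateways would the article's scan have counted here."""
    return sum(1 for h in hosts if triage(h) == "critical")


# Constructed inventory for the example.
INVENTORY = [
    Host("dmz-rdp-01", "Windows 7", {3389, 445}, internet_facing=True),
    Host("file-srv-02", "Windows Server 2008 R2", {3389, 445}),
    Host("web-03", "Windows Server 2016", {3389, 443}, internet_facing=True,
         rdp_patched=True),
    Host("dc-01", "Windows Server 2012", {88, 389, 445}, rdp_patched=True),
    Host("legacy-2000", "Windows 2000", {3389}),
]

if __name__ == "__main__":
    for name, tier in rank(INVENTORY):
        print(f"{tier:12} {name}")
    print("internet-facing and unpatched:",
          count_internet_facing_vulnerable(INVENTORY))
```

The "high" tier is the point the article makes about lateral movement: `legacy-2000` and `file-srv-02` never appear in an internet scan, yet they are exactly what a worm reaches once `dmz-rdp-01` is taken, so an internal-only count of 3389 listeners belongs in the same report as the external one.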
-snip-
Read more:
https://www.forbes.com/sites/daveywinder/2019/06/18/u-s-government-announces-critical-warning-for-microsoft-windows-users/#777f9a6452d2