Wednesday, November 25, 2020

Critical vulnerability in older versions of Windows could have consequences similar to WannaCry

Microsoft has already issued patches that fix the bug, but if an exploit targets this flaw on computers that have not been updated, it can allow an attacker to spread malware among vulnerable computers, much as WannaCry was distributed.

Microsoft has released a patch that corrects this flaw in its latest update. The company said that it has not so far identified any exploitation of the bug, but considers it very likely that cybercriminals will end up writing exploits for this vulnerability and then incorporating them into malware.

For its part, the company explained in its publication that the vulnerability, nicknamed "BlueKeep", is in the pre-authentication phase and requires no user interaction, which means that malicious software exploiting this flaw could spread among vulnerable computers in a similar way to WannaCry in 2017.

In fact, Microsoft decided to release patches for Windows 2003 as well as for XP, Windows 7, and Windows Server 2008 and 2008 R2, the systems affected by this flaw.

The vulnerability, registered as CVE-2019-0708, resides in Remote Desktop Services, also known as Terminal Services, but not in the Remote Desktop Protocol (RDP) itself, and allows an attacker to execute code remotely.

As security researcher Kevin Beaumont reported on his Twitter account after running a search with the Shodan tool, there are currently about 3 million RDP endpoints directly exposed on the Internet.

To make things worse, exploiting the vulnerability requires a low level of complexity; it is rated 3.9 out of 10 under the system Microsoft uses to determine complexity. For reference, the WannaCryptor developers had an NSA-written exploit for the flaws CVE-2017-0144 and CVE-2017-0145, whose exploitation complexity was judged to be high, Ars Technica explained.

As we said at the beginning of this post, we are not currently aware of any exploitation of "BlueKeep". According to another tweet by security expert Kevin Beaumont, no proof of concept (PoC) has been published so far and no signs of exploitation as part of a campaign have been identified, although fake PoCs have appeared on GitHub as a joke.

Installing the patches released by Microsoft means a computer ceases to be vulnerable to this flaw, but the reality shows that despite the warnings issued and the call for updating computers running Windows 2003, XP, 7, Server 2008 and Server 2008 R2. In fact, a recent Forescout report found that in the United States, 71% of computers operating in large medical institutions will be running operating systems without update support by January 14, 2020. This is because Microsoft has announced that it will stop releasing free security updates for Windows 7 as a way to encourage users to upgrade to newer and more reliable versions of its operating system.

Juan Manuel Haran
