Crashing honeypots alerted the researcher who found the Bluekeep vulnerability.
Bluekeep, a remote code execution vulnerability in Microsoft's Remote Desktop Services, has been exploited in the wild. The vulnerability, designated CVE-2019-0708, was discovered earlier this year and patched in May. The critical vulnerability was considered so significant that Microsoft took the unusual step of issuing patches for out-of-support Windows versions in an attempt to stop exploitation.
Kevin Beaumont (@GossiTheDog), who discovered Bluekeep, found the exploit when his Bluekeep honeypots began crashing this past weekend. He shared his data with researcher Marcus Hutchins, who verified the results. In analyzing the code crashing the honeypots, Hutchins found the obfuscated payload ultimately installed a cryptocurrency miner on the victim system.
"It is curious that this publicly known wormable vulnerability, known to everyone who would care to know for at least six months, took this long to get detectably weaponized," Hutchins wrote in a blog post sharing the exploit's analysis.
And while the vulnerability has been patched, the patch must be applied to be effective. "According to BinaryEdge, there are over 700,000 vulnerable systems that are publicly accessible, including over 100,000 in the United States alone. The risks here cannot be overstated — organizations must patch their systems immediately," says Satnam Narang, senior research engineer at Tenable.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024