Published in News

BlueKeep vulnerability attacks taking place

on 04 November 2019

Targets Windows XP

One of the worst wormable Windows vulnerabilities has been seen in the wild, and it is targeting unpatched Windows XP machines.

Software king of the world Microsoft issued its first patch in years for Windows XP in May, which means that the bug was bad. In fact, security experts warned it could have a similar impact to the WannaCry worm from 2017.

Dubbed BlueKeep, the vulnerability exists in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2, and it has now been confirmed that a BlueKeep exploit attack is currently ongoing.

Security researchers, including Kevin Beaumont, who originally named the vulnerability, and Marcus Hutchins, who was responsible for hitting the kill switch that stopped WannaCry, have confirmed that a widespread BlueKeep exploit attack is underway.

Hutchins told Wired that "BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale."

It would appear that rather than a wormable threat, where the BlueKeep exploit could spread itself from one machine to another, the attackers are searching for vulnerable, unpatched Windows systems that have Remote Desktop Services (RDP) port 3389 exposed to the internet.

While this is not another "WannaCry", the potential for a small-scale version of the scenario remains. For now, though, this looks like an attack campaign with a cryptocurrency miner payload.

Last modified on 04 November 2019