Microsoft warns again (for a second time) to its customers for BlueKeep or CVE-2019-0708 vulnerability. Note that this security gap exists in earlier versions of Windows and Remote Desktop Protocol (RDP).
The company published the second warning because the last two days appeared online, exploits with two different PoCs (for example)
"Microsoft is convinced that there is an exploit on this issue, and if recent reports are accurate, almost a million online PCs are still vulnerable to CVE-2019-0708"Said Simon Pope, Director of Incident Response, at the Microsoft Security Response Center (MSRC).
Scans for computers that are vulnerable to BlueKeep continue for a week and reportedly exhibit an ever-increasing rate of vulnerable systems. So Microsoft after the appearance of the public PoC warns again before the start of the attacks.
Updates that fix the issue are available for all older Microsoft operating systems (Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008) all versions of Windows that are vulnerable to BlueKeep attacks.
The company first warned on May 14 when it released updates that fixed the issue. At the time the company had reported that the flaw was dangerous because it not only allowed remote implementation, but also because it was a worm (it has the ability to self-replicate).
“Our recommendation remains the same. We recommend that you update all affected systems as soon as possible, ”says Simon Pope.
Here is to say that the PoC we give above through GitHub is not as dangerous as it can hit a remote vulnerable system, but it can not run code on it.
However experienced reverse engineers were able to achieve remote code execution but did not publish a PoC for fear of a mass contaminations.
Security researchers who have managed to create a functional exploit are from companies Zerodium, McAfee, Kaspersky, Check Pointst, MalwareTechAnd Valthek.
