Η Microsoft warns again (for the second time) her clients for her BlueKeep vulnerability or CVE-2019-0708. Note that this vulnerability exists in older versions of Windows and in the Remote Desktop Protocol (RDP) service.
The company issued the second warning because they appeared in the last two days online, exploits with two different PoCs (for example)
"Η Microsoft είναι πεπεισμένη ότι υπάρχει ένα exploit για αυτό το θέμα και αν οι πρόσφατες αναφορές είναι ακριβείς, σχεδόν ένα εκατομμύριο online υπολογιστές εξακολουθούν να είναι ευάλωτοι στο CVE-2019-0708", ανέφερε ο Simon Pope, Διευθυντής του Incident Response, στο Microsoft Security Response Center (MSRC).
Scans for computers that are vulnerable to BlueKeep continue for a week and are reported to have an ever-increasing rate of vulnerable systems. Microsoft, after the emergence of public PoC warns again before the attacks begin.
Updates that fix the issue are available to all the older Microsoft operating systems (Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008) for all versions of Windows that are vulnerable to BlueKeep attacks.
The company had warned for the first time in 14 May when it released the updates that fixed the issue. Then the company had said that the flaw was dangerous because it not only allowed remote execution but also because it was a worm (it has the ability to replicate).
"Η σύστασή μας παραμένει η ίδια. Σας συνιστούμε να ενημερώσετε το συντομότερο δυνατόν όλα τα επηρεαζόμενα συστήματα", αναφέρει ο Simon Pope.
Here is to say that the PoC we give above through GitHub is not as dangerous as it can hit a remote vulnerable system, but it can not run code on it.
However experienced reverse engineers were able to execute remote code execution but did not publish any PoCs for fear of a mass infection.
Security researchers who have managed to create a functional exploit are from companies Zerodium, McAfee, Kaspersky, Check Pointst, MalwareTechAnd Valthek.