BlueKeep Vulnerability Exploited to Deliver Cryptocurrency Miner

The notorious Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep has been exploited in the wild to deliver cryptocurrency mining malware, researchers warned over the weekend.


BlueKeep, which Microsoft patched in May, allows an unauthenticated attacker to execute arbitrary code on a target system by sending specially crafted Remote Desktop Protocol (RDP) requests. The flaw sits in code that runs before a user logs in, so any host with RDP reachable (TCP port 3389 by default) is exposed. It affects Windows 7, Windows Server 2008 and 2008 R2, and the out-of-support Windows XP and Server 2003; Windows 8 and 10 are not affected. Microsoft warned that the vulnerability is wormable: malware could use it to spread from machine to machine with no user interaction, much as the WannaCry ransomware used the EternalBlue SMB exploit in 2017.


Microsoft has urged users on several occasions to install the patch, and government agencies have also issued alerts. The patch has been made available even for unsupported versions of Windows, including XP, but over 700,000 systems are still said to be vulnerable to attack.
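For an administrator who wants to know whether a given host is among those still exposed, the following is an added example check, written for this page rather than taken from the article or from any of the researchers it cites. It runs on a Windows 7 SP1 or Server 2008 R2 host with PowerShell 3.0 or later and reports whether Remote Desktop is enabled, whether Network Level Authentication (NLA) is required, and whether one of the May 2019 updates that fix CVE-2019-0708 for that OS pair is listed. The two hotfix IDs are the monthly rollup and security-only update for Windows 7 SP1 / Server 2008 R2; other affected versions use different KB numbers, which should be taken from Microsoft's advisory for CVE-2019-0708. The function name `Test-BlueKeepExposure` is an assumption of this example.

```powershell
# Added example (not from the article): local exposure check for CVE-2019-0708.
# Hotfix IDs below are the May 2019 monthly rollup and security-only update for
# Windows 7 SP1 / Server 2008 R2 only; look up the KB for any other OS version
# in Microsoft's advisory before relying on this list.
$BlueKeepFixes = @('KB4499175', 'KB4499180')

function Test-BlueKeepExposure {
    [CmdletBinding()]
    param([string[]]$FixIds = $BlueKeepFixes)

    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # fDenyTSConnections = 1 means Remote Desktop is switched off entirely,
    # so the vulnerable listener is not reachable at all.
    $deny = Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue
    $rdpDisabled = ($deny.fDenyTSConnections -eq 1)

    # UserAuthentication = 1 means NLA is required: the client must authenticate
    # before the pre-auth code path that BlueKeep abuses is reachable. This is a
    # mitigation, not a fix; an attacker with valid credentials can still exploit it.
    $auth = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction SilentlyContinue
    $nlaRequired = ($auth.UserAuthentication -eq 1)

    # Either listed update closes the hole. Monthly rollups are cumulative, so a host
    # that took a later rollup is fixed even though the May KB is not listed; treat an
    # "unpatched" result on a fully current host as a prompt to check the rollup level.
    $installed = Get-HotFix | Where-Object { $FixIds -contains $_.HotFixID }
    $patched = [bool]$installed

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        RdpEnabled     = -not $rdpDisabled
        NlaRequired    = $nlaRequired
        PatchInstalled = $patched
        InstalledFixes = ($installed | ForEach-Object { $_.HotFixID }) -join ','
        # Exposed: listener on and no fix listed. NLA lowers risk but does not clear it.
        Exposed        = (-not $rdpDisabled) -and (-not $patched)
    }
}

Test-BlueKeepExposure | Format-List
```

Run it elevated on each legacy host, or wrap the call in `Invoke-Command -ComputerName` to fan it out over WinRM. A host that reports `Exposed = True` and `NlaRequired = False` is in the same position as the honeypots described below: anyone who can reach port 3389 can try the exploit without a password.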


Microsoft and the cybersecurity community have been expecting to see attacks in the wild since the first proof-of-concept (PoC) exploits emerged. While BlueKeep may already have been used in targeted attacks that went undetected or unreported, a researcher reported over the weekend that he has seen the first mass exploitation attempts.


Researcher Kevin Beaumont, who gave the vulnerability its BlueKeep name, has been running a worldwide honeypot network, named BluePot, in an effort to catch exploitation attempts.


Attacks appear to have begun on October 23, when Beaumont's honeypots started crashing and rebooting, but he only realized on November 2 that BlueKeep exploitation attempts were the cause.


Beaumont analyzed the attacks with help from British researcher Marcus Hutchins (aka MalwareTech), and they determined that the individuals behind this campaign have been using a