The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store
Ever since it was discovered six months ago, the BlueKeep vulnerability has had (not only) the cybersecurity community concerned about impending WannaCryptor-style attacks. Earlier in November, Microsoft together with security researchers Kevin Beaumont and Marcus Hutchins shed light on the first malicious campaign that was aimed at exploiting the critical remote code execution (RCE) flaw. The attacks targeted unpatched vulnerable Windows systems to install cryptocurrency mining software, but were a far cry from the damage caused by WannaCryptor aka WannaCry in May 2017.
Tracked as CVE-2019-0708, BlueKeep was found in a Windows component known as Remote Desktop Services. It affects machines running unpatched versions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2. Unfortunately, there is still a great number of systems that haven’t been patched, even though Microsoft rolled out the patch on May 14th.
The first instances of the coin mining campaign date back to October 23rd. Upon further inspection by Microsoft researchers, they found that an earlier campaign that occurred in September used a main implant that contacted the same command-and-control (C&C) servers as the October attack. Machines in a nu ..
Support the originator by clicking the read the rest link below.
