From exploits to honeypots: How the security community is preparing for BlueKeep’s moment of truth

Written by Jul 8, 2019 | CYBERSCOOP

Two years after the WannaCry ransomware wreaked havoc on the internet, security professionals are having a grim case of déjà-vu. They’ve tallied the internet-facing computers that aren’t patched for BlueKeep, a vulnerability in old Microsoft Windows operating systems, and wonder when that negligence will come home to roost.


“I think everyone is in agreement that once exploits for this are public, it’s going to be bad,” Craig Williams, Cisco Talos’ director of outreach, told CyberScoop.


The BlueKeep vulnerability is in Remote Desktop Services, a popular Windows program that grants remote access to computers for administrative purposes. By abusing that remote access, a hacker could delete data or install a new program on a system.


“Every CISO right now should have a plan already written down to deal with BlueKeep once the exploit starts surfacing,” Williams said. Organizations need layered defenses so that any BlueKeep-based infection “doesn’t spread like wildfire behind what you thought was a protected perimeter,” he added.


WannaCry exploited a different Windows flaw to infect over 200,000 machines in 150 countries, costing Britain’s National Health Service alone more than $100 million. Like WannaCry, BlueKeep is “wormable,” meaning malware abusing the vulnerability could move from infected system to infected system.


Security experts are hoping to avoid a repeat of WannaCry’s wreckage, but they worry that Microsoft’s warning in May about BlueKeep, along with advisories from U.S. security officials, might not have mobilized enough attention t ..
