CVE-2019-0708 critical remote code execution vulnerability spotted by researchers
Security researchers Kevin Beaumont and Marcus Hutchins have confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep.
CVE-2019-0708, a critical remote code execution vulnerability in Microsoft's Remote Desktop Services, was patched back in May 2019. Beaumont subsequently set up BlueKeep honeypots to keep tabs on global in-the-wild exploitation attempts of the flaw. Honeypots are bait machines used by security researchers to catch exploit attempts. Over the weekend, on November 2, Beaumont observed blue screens of death (BSODs) on his BlueKeep honeypots. Hutchins shared his analysis in a blog post, where he identified that the attackers were using a recently released exploit module to install a cryptocurrency miner, detected by 44% of scanners on VirusTotal as of November 3.
Satnam Narang, Senior Research Engineer, Security Response at Tenable, says, "This is the first example of attackers exploiting the BlueKeep vulnerability in the wild, which should set alarm bells off for organizations that have yet to patch vulnerable systems. According to BinaryEdge, there are over 700,000 vulnerable systems that are publicly accessible, including over 8,000 in India. The risks here cannot be overstated - organizations must patch their systems immediately."