• BlueKeep now being used in attacks – but the sky isn’t falling

    #1998278

    Remember BlueKeep – the “wormable” monster infection that was supposed to take over the Windows world? Two months ago, I warned that there was a worki
    [See the full post at: BlueKeep now being used in attacks – but the sky isn’t falling]

    4 users thanked author for this post.
    • #1998374

      Just to be clear, the SO update, kb449175 covers this, right?

      • #1998377

        That is correct. The May 2019 SO and Rollup cover BlueKeep.

        2 users thanked author for this post.
        • #1998469

          Does that SO patch also disable RDP and port 3389, or is that a separate issue still in need of being taken care of? I understand those actions are recommended to generally improve security when accessing the Internet, but are they already also “covered” somehow, by that patch, at least as far as the BlueKeep threat goes, or do we have to do something about it as well, because of BlueKeep?

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          • #1998481

            I believe RDP is disabled by default. But you can verify it at:
            Control Panel\System\System Properties on the Remote tab.
            But the support page for 2019-05 Security-only Quality Update KB4499175 doesn’t mention anything specifically about closing any port.

            1 user thanked author for this post.
          • #1998487

            There’s no way Microsoft would release a security-only patch that would disable RDP and/or close the firewall port.  No way whatsoever.
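The check discussed in the replies above, as an added example that is not part of the original thread: since the patch leaves the RDP setting and the firewall alone, this reports both the RDP state and the KB4499175 status of the local machine. The function name `Get-RdpExposure` is hypothetical, and the script assumes it is run locally in Windows PowerShell.

```powershell
# Added example (not from the thread): report whether Remote Desktop is enabled,
# whether its port is listening, and whether KB4499175 is installed.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 1 means Remote Desktop is turned off
    # (the same setting shown on the Remote tab of System Properties).
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

    # The listener port is configurable; 3389 is only the default.
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Check whether anything is listening on that TCP port right now.
    $props     = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = @($props.GetActiveTcpListeners() |
                   Where-Object { $_.Port -eq $port }).Count -gt 0

    # Get-HotFix matches this exact KB only. The monthly rollup carries a
    # different KB number, so $false here does not by itself mean "unpatched".
    $kb = Get-HotFix -Id 'KB4499175' -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        RdpEnabled         = ($deny -eq 0)
        RdpPort            = $port
        PortListening      = $listening
        KB4499175Installed = [bool]$kb
    }
}

Get-RdpExposure | Format-List
```

A machine showing `RdpEnabled : False` and `PortListening : False` is not reachable over RDP regardless of patch state; one showing both as `True` should have the update confirmed in its update history.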

    • #1998482

      Woody (Home page blog entry): “Thx GoneToPlaid (who just had a Tesla mode named after him).”

      Would that be a “Tesla model”? And if not, what?

      And heartfelt thanks, indeed, to GoneToPlaid! And, whatever has been named after his handle, hearty congrats, I’d imagine, may also be called for! (If it is a “model”, I also hope he is going to be most handsomely paid for the right of Mr. Musk to use his nom de guerre to name one of his company’s cars!)


      • #1998551

        I enjoy the humor references, so took the time to find a reference you can follow up.

        https://en.wikipedia.org/wiki/List_of_Easter_eggs_in_Tesla_products#Spaceballs_and_Ludicrous+

        In the movie Spaceballs, there is only one speed which exceeds ludicrous. As a continuation of Tesla’s use of Spaceballs terminology, future versions of the Model S and Model X, as well as the Tesla Roadster (2020), will include a new mode of acceleration which is even faster than Ludicrous+. This new mode is called “Plaid”.[78][79][80] It may be depicted in the cars, as it is in the movie, by a plaid pattern in space.

        (references for footnotes [78][79][80] included at linked article, with appropriate links)

        1 user thanked author for this post.
    • #2001164

      Our machine learning models flagged the presence of the coin miner payload used in these attacks on machines in France, Russia, Italy, Spain, Ukraine, Germany, the United Kingdom, and many other countries.
      The new CVE-2019-0708 RDP exploit attacks, explained (Microsoft Security Blog)
