Even though there’s a BlueKeep exploit for sale, it doesn’t work very well – doesn’t propagate, for example

Topic

New Reply

Catalin Cimpanu wrote in ZDNet on Friday that there’s a “weaponized” BlueKeep exploit available if you have the cash. (More BlueKeep info here.) There
[See the full post at: Even though there’s a BlueKeep exploit for sale, it doesn’t work very well – doesn’t propagate, for example]

Reply | Quote

Replies

Any evidence that BlueKeep is exploitable if RDP / remote access is turned OFF? I haven’t seen any, though I freely admit to not having looked very hard recently.

It’s easy to do. Doesn’t even require hand-to-hand combat with the registry. Seems to me that turning this feature off should be on everyone’s security ToDo list. (Except for those who KNOW that they need to use it, of course.)

Reply | Quote

posted pointing to a good borncity article 1894439 on the other Bluekeep thread.

 

Windows - commercial by definition and now function...

Reply | Quote

Maybe this belongs in the Rant area.

BlueKeep remain suspicious  to me.

1. No single patch for just Bluekeep. I will not go the all route either in Security or Complete Patches. If Bluekeep is so bad, why not just a patch for that. That way almost  no bugs. It should basically be a matter of just replacing one Dll.
2. The patch that is suggested for Bluekeep comes with Telemetry. Microsoft instead of making sure all get patched for Bluekeep, instead is still playing their game of Time to get win 10 on your system. 10 is not going to happen here. Ms should know that. They should be trying to head off the worm, but instead are playing games and getting others to say no thank you to patching.
3. Bluekeep has been official around since May ( almost Three months) and still no real worms has been seen. By the way one place where Remote Desktop makes sense ( and IMO the only place) is diagnosis. Why else would one give others use of YOUR computer to a remote user?

 

Reply | Quote

anonymous wrote:

The patch that is suggested for Bluekeep comes with Telemetry. Microsoft instead of making sure all get patched for Bluekeep, instead is still playing their game of Time to get win 10 on your system.

That is incorrect.

Previous to Sept 2018, KB2952664 (Compatibility Appraiser) was a separate unique patch.

+The May Monthly Rollup and Security-only Update contain the fix for BlueKeep.
+ the May Security-only Update DOES NOT contain telemetry.
+ The July Security-only Update DOES contain telemetry (KB2952664 functionality = Compatibility Appraiser) and DOES NOT contain the fix for BlueKeep
+ Telemetry (KB2952664 functionality = Compatibility Appraiser) was introduced in the Sept 2018 Rollup Preview and in the Oct 2018 Monthly Rollup.

Reply | Quote