The BlueKeep situation gets murkier

Topic

New Reply

There have been rumors for the past two weeks that there’s a working BlueKeep exploit on the darkweb. We’ve been fielding (and blocking) many posts on
[See the full post at: The BlueKeep situation gets murkier]

5 users thanked author for this post.

satrow, SueW, Kirsty, walker, geekdom

Reply | Quote

Replies

This might be the wrong place for this. Malwarebytes send me an email.

This was in it:

Sodinokibi targets organizations via hacked RDP connections, hijacking and encrypting all local files and network shares. First spotted in early 2019, detections of Sodinokibi on Malwarebytes endpoints have risen over the last month, and we expect to see those numbers reach new heights after the summer break. (After all, cybercriminals take vacations, too.) .

while this is not bluekeep, it does use Remote Desktop. ( this uses CVE-2019-2725 not cve 2019-0708)

 

Reply | Quote

Microsoft : Protect against BlueKeep

…If you’ve met the DART Team, then you know your worms are our concern and that’s why we keep an eye out for BlueKeep….

Why the urgency?
Via open source telemetry, we see more than 400,000 endpoints lacking any form of network level authentication, which puts each of these systems potentially at risk from a worm-based weaponization of the BlueKeep vulnerability.

The timeline between patch release and the appearance of a worm outbreak is difficult to predict and varies from case to case. As always, the DART team is ready for the worst-case scenario. We also want to help our customers be prepared, so we’re sharing a few previous worms and the timeline from patch to attack. Hopefully, this will encourage everyone to patch immediately.

https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/

2 users thanked author for this post.

columbia2011, NetDef

Reply | Quote