Newsletter Archives
-
MS-DEFCON 3: Blocking a potential wormable event
ISSUE 21.33.1 • 2024-08-16 By Susan Bradley
It’s been a long time since we’ve had a Microsoft worm event.
Last week’s patches contained a fix for the Windows TCP/IP Remote Code Execution Vulnerability identified as CVE-2024-38063. This one affects all supported Windows versions and extends back to Windows 7 and Windows 8, including older servers.
This CVE has a very high danger rating. Because of that, I am lowering the MS-DEFCON level earlier than I normally would, setting it to 3. That sounds backward, but this advisory is conditional, based upon the type of user you are and how you decide to deal with the update.
Although the danger is real, I believe the risk is somewhat less. In this alert, I’ll explain why.
Anyone can read the full MS-DEFCON Alert (21.33.1, 2024-08-16).
-
BlueKeep exploitation expected soon
Several hours ago, there was a lot of noise on Twitter about a GitHub explanation of how to “weaponize” BlueKeep, triggering fears it could soon be widely exploited.
BlueKeep Warning: someone published a slide deck explaining how to turn the crash PoC into RCE. I expect we'll likely see widespread exploitation soon. https://t.co/MG2IZfy5B5
— MalwareTech (@MalwareTechBlog) July 22, 2019
Dan Goodin’s article on ArsTechnica.com is fairly succinct:
BEWARE OF WORMABLE EXPLOITS —
Chances of destructive BlueKeep exploit rise with new explainer posted online
We’ll be keeping an eye on Kevin Beaumont’s Twitter feed, to see what he posts about it today.
Are you protected?
UPDATE:
Kevin Beaumont is also warning about a more imminent threat from BlueKeep:
I've updated this thread with @0xeb_bp's #BlueKeep exploitation technical document, newly released today – it shows how to reach UAF. The bar for (unreliable) public exploitation POC is lowering significantly. https://t.co/UX1ujWaQik
— Kevin Beaumont (@GossiTheDog) 23 July 2019
-
There’s now a freely available proof of concept exploit for the “wormable” WinXP/Win7 bug
But it isn’t yet capable of inflicting damage
https://twitter.com/GossiTheDog/status/1130425920987303936
-
Still no exploit in the wild for the “wormable” Win7/WinXP security hole
https://twitter.com/GossiTheDog/status/1129995367427256320