Earlier this month, we brought you news of an incredibly nasty remote code execution vulnerability affecting Windows systems; specifically, Windows 7, Windows Server, Windows Server 2008 R2, Windows Server 2008, and even the ancient Windows XP. Microsoft was in fact so worried about this WannaCry-style malware that it even pushed out a patch for Windows XP, an operating system that has not been officially supported for years.
At the time, Microsoft stated, "It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows."
Apparently, not enough of its customers are heeding its warning, as Microsoft is once again imploring them to patch affected systems immediately. The exploit, known colloquially as BlueKeep (CVE-2019-0708), has reportedly infected nearly a million internet-connected computers around the globe.
Not even kidding, it took me like an hour to figure out how to exploit the vulnerability and 4 days to implement RDP in python. https://t.co/dQAU4jUDbJ — MalwareTech (@MalwareTechBlog), May 24, 2019
"Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise," writes Microsoft via a TechNet blog.
"Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible."
BlueKeep is listed as a "critical" vulnerability found within Remote Desktop Services and requires absolutely no user interaction to activate. As Microsoft explains:
An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
At this point, Microsoft says that it has not seen any evidence of a real-world attack using the BlueKeep proof of concept. "It is possible that we won’t see this vulnerability incorporated into malware," Microsoft warns. "But that’s not the way to bet."