Expert On BlueKeep Exploitation Spotted In The Wild

On November 2, security researchers Kevin Beaumont (@GossiTheDog) and Marcus Hutchins (@MalwareTechBlog) confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep. CVE-2019-0708, a critical remote code execution vulnerability in Microsoft’s Remote Desktop Services, was patched back in May 2019.

Over the weekend, Beaumont observed blue screens of death (BSODs) on his BlueKeep honeypots. He shared a kernel crash dump from the honeypots with Hutchins, who confirmed it as the first exploitation of BlueKeep in the wild. Hutchins published his analysis in a blog post, in which he identified that the attackers were using a recently released exploit module to distribute a cryptocurrency (or "coin") miner that was detected by 44% of the scanners on VirusTotal as of November 3.

Expert Comments

November 04, 2019
Satnam Narang
Senior Research Engineer
This is the first example of attackers exploiting the BlueKeep vulnerability in the wild which should set alarm bells off for organisations that have yet to patch vulnerable systems. According to BinaryEdge, there are over 700,000 vulnerable systems that are publicly accessible - including nearly 9,000 in France, over 10,000 in Germany, over 4,500 in Australia and over 100,000 in the United States. The risks here cannot be overstated — organisations must patch their systems immediately.