Expert On BlueKeep Exploitation Spotted In The Wild

By   ISBuzz Team
Writer , Information Security Buzz | Nov 04, 2019 05:21 am PST

On November 2, security researchers Kevin Beaumont (@GossiTheDog) and Marcus Hutchins (@MalwareTechBlog) confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep. CVE-2019-0708, a critical remote code execution vulnerability in Microsoft’s Remote Desktop Services, was patched back in May 2019.

Over the weekend of November 2, Beaumont observed blue screens of death (BSODs) on his BlueKeep honeypots. He shared a kernel crash dump from the honeypots with Hutchins, who confirmed it as the first exploitation of BlueKeep in the wild. Hutchins published his analysis in a blog post, identifying that the attackers were using a recently released exploit module to distribute a cryptocurrency (or “coin”) miner that 44% of the scanners on VirusTotal detected as of November 3. The crashes themselves are worth noting: the honeypots were discovered because the exploit attempt blue-screened them rather than compromising them silently, so an unexplained BSOD on an RDP-exposed host is a practical indicator of an attempt.

Satnam Narang, Senior Research Engineer
November 4, 2019 1:25 pm

This is the first example of attackers exploiting the BlueKeep vulnerability in the wild, which should set alarm bells off for organisations that have yet to patch vulnerable systems. According to BinaryEdge, there are over 700,000 vulnerable systems that are publicly accessible – including nearly 9,000 in France, over 10,000 in Germany, over 4,500 in Australia and over 100,000 in the United States. The risks here cannot be overstated — organisations must patch their systems immediately.

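The counts above come from internet-wide scanning; a defender wants the same answer for their own address space. Microsoft's advisory for CVE-2019-0708 lists Network Level Authentication (NLA) as a mitigation, because NLA forces CredSSP authentication before a client reaches the pre-authentication connection sequence in which the flaw sits. The script below is an added example, not code from the article, from Beaumont or Hutchins, or from any scanner the article mentions. It sends a single X.224 Connection Request (MS-RDPBCGR) asking for standard RDP security only and interprets the server's Connection Confirm: a server that requires NLA answers RDP_NEG_FAILURE with HYBRID_REQUIRED_BY_SERVER, while a server that accepts the request lets an unauthenticated client into the connection sequence. The sample replies are hand-constructed so the parser can be exercised offline, and the host name in the usage comment is a placeholder.

```python
import socket
import struct

# Values from MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE).
PROTOCOL_RDP = 0x0        # standard RDP security, no authentication before the connection sequence
PROTOCOL_HYBRID = 0x2     # CredSSP (NLA)
PROTOCOL_HYBRID_EX = 0x8  # CredSSP with Early User Authorization Result
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
FAILURE_CODES = {
    0x1: "SSL_REQUIRED_BY_SERVER", 0x2: "SSL_NOT_ALLOWED_BY_SERVER",
    0x3: "SSL_CERT_NOT_ON_SERVER", 0x4: "INCONSISTENT_FLAGS",
    0x5: "HYBRID_REQUIRED_BY_SERVER", 0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT header + X.224 Connection Request carrying an RDP_NEG_REQ."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    x224_body = struct.pack(">BHHB", 0xE0, 0, 0, 0) + neg_req  # CR code, DST-REF, SRC-REF, class 0
    x224 = bytes([len(x224_body)]) + x224_body                  # length indicator precedes the body
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224      # TPKT: version 3, reserved, total length


def parse_connection_confirm(data):
    """Decode TPKT + X.224 Connection Confirm and any RDP_NEG_RSP / RDP_NEG_FAILURE it carries."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    if struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("TPKT length does not match bytes received")
    li = data[4]
    if data[5] != 0xD0:
        raise ValueError("X.224 PDU 0x%02x is not a Connection Confirm" % data[5])
    info = {"negotiation": None, "selected_protocol": None, "failure_code": None}
    neg = data[11:5 + li]  # optional negotiation structure after the 6-byte fixed CC part
    if not neg:
        return info        # legacy server: no negotiation structure means standard RDP security
    if len(neg) < 8:
        raise ValueError("truncated RDP negotiation structure")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg[:8])
    if neg_len != 8:
        raise ValueError("unexpected negotiation length %d" % neg_len)
    if neg_type == TYPE_RDP_NEG_RSP:
        info["negotiation"], info["selected_protocol"] = "RDP_NEG_RSP", value
    elif neg_type == TYPE_RDP_NEG_FAILURE:
        info["negotiation"] = "RDP_NEG_FAILURE"
        info["failure_code"] = FAILURE_CODES.get(value, "UNKNOWN_0x%08x" % value)
    else:
        raise ValueError("unexpected negotiation type 0x%02x" % neg_type)
    return info


def assess(data):
    """NLA verdict for a Connection Confirm answering a request that asked for PROTOCOL_RDP only."""
    info = parse_connection_confirm(data)
    if info["negotiation"] is None:
        info["nla_enforced"], info["verdict"] = False, "legacy server, standard RDP security, no NLA"
    elif info["negotiation"] == "RDP_NEG_RSP":
        if info["selected_protocol"] & (PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX):
            info["nla_enforced"], info["verdict"] = True, "server selected CredSSP (NLA)"
        else:
            info["nla_enforced"], info["verdict"] = False, "standard RDP security accepted, no NLA"
    elif info["failure_code"] in ("HYBRID_REQUIRED_BY_SERVER", "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"):
        info["nla_enforced"], info["verdict"] = True, "authentication required: " + info["failure_code"]
    elif info["failure_code"] == "SSL_REQUIRED_BY_SERVER":
        info["nla_enforced"], info["verdict"] = False, (
            "TLS required but not NLA: unauthenticated clients still reach the connection sequence")
    else:
        info["nla_enforced"], info["verdict"] = None, "inconclusive: " + str(info["failure_code"])
    return info


def probe(host, port=3389, timeout=5.0):
    """Send one Connection Request asking for standard RDP security and assess the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(PROTOCOL_RDP))
        return assess(sock.recv(64))


# Constructed sample replies (hand-built for this example, not captured from any real host).
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")     # NEG_FAILURE, code 5
SAMPLE_STANDARD_RDP_OK = bytes.fromhex("030000130ed000001234000200080000000000")  # NEG_RSP selects RDP
SAMPLE_LEGACY_NO_NEG = bytes.fromhex("0300000b06d00000123400")                    # CC with no negotiation

if __name__ == "__main__":
    for name, blob in (("nla_required", SAMPLE_NLA_REQUIRED), ("standard_rdp", SAMPLE_STANDARD_RDP_OK),
                       ("legacy", SAMPLE_LEGACY_NO_NEG)):
        print(name, assess(blob)["verdict"])
    # probe("rdp.example.internal")  # placeholder host name; run against a listener you are authorised to test
```

Two caveats when reading the verdict. A "no NLA" result shows that the pre-authentication surface is reachable, not that the May 2019 patch is missing; a patched host that still allows standard RDP security will produce the same reply, so patch state has to be confirmed on the host itself. Conversely, NLA reduces exposure only for unauthenticated attackers; the fix is still the patch.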
