History seems to be repeating itself: around 2 years after the outbreak of the WannaCry ransomware, Microsoft has discovered a vulnerability in several old versions of Windows and is warning of a new disaster, as is the German Federal Office for Information Security (BSI).
Microsoft first reported the vulnerability, called BlueKeep, in its Remote Desktop Protocol (RDP) in May. Affected Windows versions include Windows Server 2003, Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2. Updates are available, but according to research by BitSight, about 800,000 computers worldwide were still vulnerable at the beginning of July. Microsoft clarified in May that it had not yet observed any exploitation of the vulnerability, but in recent weeks more and more information about it has become public. The company Immunity has already developed penetration-testing software that exploits BlueKeep. Rough instructions for exploitation have also been published on GitHub, and security researchers have developed exploits as well.
What is to be feared?
According to the BSI, “a scenario similar to the spread of WannaCry is conceivable, in which appropriately tailored malware can spread automatically over the Internet.” By comparison, WannaCry infected some 200,000 computers after just a few days, including the systems of Deutsche Bahn, British hospitals and car manufacturer Renault. The damage amounted to at least several hundred million euros. BlueKeep could be used for more than ransomware, however: the vulnerability also opens the door to other criminal activities such as espionage or sabotage. In theory, anything is possible and the probability of attacks continues to increase, so users of older Windows versions should update their operating system.