01.08.2019

Wave of extortion with announcement – Microsoft warns of new BlueKeep vulnerability

History seems to be repeating itself: about 2 years after the outbreak of the WannaCry ransomware, Microsoft has discovered a security vulnerability in several old versions of Windows and, like the German Federal Office for Information Security (BSI), warns of a new disaster.

What happened?

In May, Microsoft first reported on the vulnerability called BlueKeep, which lies in Microsoft's Remote Desktop Protocol (RDP). Affected are Windows 2003, Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2. Updates are available, but according to BitSight research, about 800,000 computers worldwide were still vulnerable at the beginning of July. Microsoft clarified in May that no exploitation of the vulnerability had been observed, but in recent weeks more and more information has been leaked to the public. The company Immunity has already developed penetration-testing software that exploits BlueKeep. A rough guide to exploitation was also published on GitHub, and security researchers have developed exploits as well.

What is to be feared?

According to the BSI, “a scenario similar to the spread of WannaCry is conceivable, in which appropriately tailored malware can spread automatically via the Internet.” By comparison, WannaCry infected about 200,000 computers after just a few days, including the systems of Deutsche Bahn, British hospitals and the car manufacturer Renault. The damage amounted to at least several hundred million euros. BlueKeep could be used for more than ransomware, however: the vulnerability also opens the door to other criminal activities such as espionage or sabotage. In theory, anything is possible and the likelihood of attacks continues to increase, so users of older Windows versions should update their operating system.