
BlueKeep attacks may actually be major threat, Microsoft warns

(Image credit: Shutterstock/Sergey Nivens)

If Microsoft is to be believed, we're not out of the woods yet when it comes to BlueKeep-related malware. The company has warned everyone not to get complacent and to install the patches immediately, because more serious threats could still be coming.

When the BlueKeep vulnerability was first disclosed, it was described as a possible catalyst for the next NotPetya-scale attack. It has so far fallen well short of that: all that has been seen in the wild is a cryptocurrency miner that was easy to spot and even easier to remove.

Microsoft is now warning, however, that devastating, self-spreading malware abusing the BlueKeep flaw may yet appear.

"While there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners," Microsoft said today. "We cannot discount enhancements that will likely result in more effective attacks."

Microsoft also noted that BlueKeep can be exploited without leaving obvious traces, which makes the flaw particularly dangerous: a compromised host may show no sign of it.

"Customers are encouraged to identify and update vulnerable systems immediately," the company said. "Many of these unpatched devices could be unmonitored RDP appliances placed by suppliers and other third-parties to occasionally manage customer systems. Because BlueKeep can be exploited without leaving obvious traces, customers should also thoroughly inspect systems that might already be infected or compromised."

Earlier this year, we reported that almost a million internet-facing devices were vulnerable to BlueKeep. All of them run older versions of Windows, since Windows 8 and later are not affected; Microsoft issued patches for Windows 7, Server 2008, XP and Server 2003.

The flaw is wormable in the same way the SMB flaw WannaCry exploited two years ago was: an unauthenticated attacker who can reach the Remote Desktop service can execute arbitrary code and take control of the machine without any user interaction.
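Microsoft's advice above boils down to three questions per host: is it in the affected product set, is Remote Desktop reachable without Network Level Authentication (NLA forces an attacker to authenticate before the vulnerable code path is reachable), and is the May 2019 fix present. The following PowerShell triage script is an added example, not code from the article or from Microsoft. The affected-version list is derived from the operating systems named above; the KB identifiers are this example's assumption for the May 2019 updates for CVE-2019-0708 and should be verified against Microsoft's advisory for your exact SKU. Run it elevated on the host, or wrap it in Invoke-Command to sweep many hosts.

```powershell
# Added example: local BlueKeep (CVE-2019-0708) exposure triage for one Windows host.
# Uses Get-WmiObject rather than Get-CimInstance so it also runs on the old
# PowerShell 2.0 builds found on the affected operating systems.

# Affected product families by NT version: XP (5.1), Server 2003 / XP x64 (5.2),
# Vista / Server 2008 (6.0), Windows 7 / Server 2008 R2 (6.1). Windows 8+ is not affected.
$affectedVersions = @('5.1', '5.2', '6.0', '6.1')

# Assumed KB list for the May 2019 fix (verify for your SKU):
#   KB4499175 / KB4499164  Windows 7 SP1, Server 2008 R2 SP1 (rollup / security-only)
#   KB4499149 / KB4499180  Server 2008 SP2, Vista SP2      (rollup / security-only)
#   KB4500331              Windows XP, Server 2003 (legacy out-of-band update)
$fixKBs = @('KB4499175', 'KB4499164', 'KB4499149', 'KB4499180', 'KB4500331')

$os = Get-WmiObject -Class Win32_OperatingSystem
$parts = $os.Version -split '\.'
$versionKey = '{0}.{1}' -f $parts[0], $parts[1]
$inAffectedSet = $affectedVersions -contains $versionKey

$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop accepts connections.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# UserAuthentication = 1 means NLA is required, so a pre-auth exploit cannot reach
# the vulnerable channel handling without valid credentials.
$ua = (Get-ItemProperty -Path $rdpTcpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$nlaRequired = ($ua -eq 1)

$rdpPort = (Get-ItemProperty -Path $rdpTcpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
if (-not $rdpPort) { $rdpPort = 3389 }

# A matching KB proves the fix is installed. No match does NOT prove the host is
# vulnerable: later monthly rollups are cumulative and supersede the May 2019 one,
# so an unmatched host must be confirmed through WSUS/SCCM or the termdd.sys build.
$installedFix = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $fixKBs -contains $_.HotFixID } |
    Select-Object -First 1 -ExpandProperty HotFixID

if (-not $inAffectedSet) {
    $verdict = 'NOT AFFECTED (OS family not in scope)'
} elseif ($installedFix) {
    $verdict = "PATCHED ($installedFix present)"
} elseif ($rdpEnabled -and -not $nlaRequired) {
    $verdict = 'EXPOSED: affected OS, RDP enabled, NLA not required, no May 2019 KB visible'
} elseif ($rdpEnabled) {
    $verdict = 'MITIGATED BY NLA ONLY: affected OS, no May 2019 KB visible, patch still required'
} else {
    $verdict = 'UNVERIFIED: affected OS, RDP disabled, no May 2019 KB visible'
}

New-Object PSObject -Property @{
    ComputerName = $env:COMPUTERNAME
    OSCaption    = $os.Caption
    OSVersion    = $os.Version
    RDPEnabled   = $rdpEnabled
    RDPPort      = $rdpPort
    NLARequired  = $nlaRequired
    FixKB        = $installedFix
    Verdict      = $verdict
}
```

The "MITIGATED BY NLA ONLY" case deliberately stays on the work list: NLA blocks the unauthenticated path but not an attacker who already holds credentials, and the vendor-managed appliances Microsoft mentions are exactly the hosts where nobody will notice a missing patch. Treat any "EXPOSED" host that is reachable from the internet as potentially compromised already and inspect it rather than just patching it.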

NotPetya is considered one of the most devastating ransomware outbreaks ever to hit the internet, and WannaCry, which struck a month earlier, was not far behind. Hundreds of thousands of machines worldwide had their data encrypted, and companies and institutions (including the NHS, in WannaCry's case) saw their operations almost grind to a halt.