Almost a million devices running older versions of the Windows operating system are vulnerable to a flaw that allows hackers full control over the device, with basically no interaction from the victim.
The vulnerability, dubbed BlueKeep (also known as CVE-2019-0708), has been patched earlier this month, during Microsoft’s regular May 2019 Patch Tuesday updates. Patches are released for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008.
The flaw works in a fashion similar to what WannaCry did two years ago. An unauthenticated user can execute arbitrary code to assume control of a machine without any user interaction.
Security expert Robert Graham from Errata Security (opens in new tab) says that by scanning the internet through the masscan port scanner, it’s not difficult to spot some 923,000 vulnerable devices.
A couple of Proof-of-concept exploits have already been made, although none are still public. However, the media are saying it is only a matter of time before we start seeing the vulnerability in the wild.
“Hackers are likely to figure out a robust exploit in the next month or two and cause havoc with these machines,” Graham said in a blog post.
Cybersecurity firm GreyNoise Intelligence reported seeing “sweeping tests for systems vulnerable to the RDP ‘BlueKeep’ (CVE-2019-0708) vulnerability from several dozen hosts around the Internet.”
Bad Packets also said it is seeing “thousands of requests” coming from the Netherlands, Russia and China.
Image source: Shutterstock/BeeBright