Microsoft’s security team warns about more destructive BlueKeep attacks installing coin miners after detection of a first-ever malware campaign that exploits the BlueKeep vulnerability.
Cybersecurity researchers have discovered an amateur attempt to use the BlueKeep RDP vulnerability last week. The attackers used BlueKeep vulnerability to break into unpatched Windows systems and install a cryptocurrency miner. It is believed that this attack was built around BlueKeep for the past six months.
Microsoft is warning users to apply patches urgently
Microsoft says this is just the beginning, and that attackers will eventually refine their attacks, and that the worst is yet to come:
While there have been no other verified attacks involving ransomware or other types of malware as of this writing, the BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners. We cannot discount enhancements that will likely result in more effective attacks.
At the end of May, Microsoft released a patch to mitigate the effects of BlueKeep vulnerability residing in Remote Desktop Services, which could be exploited remotely by sending specially crafted requests over RDP protocol to a targeted system. Now, Microsoft is warning users to apply patches urgently – for the third time this year, that’s because BlueKeep (CVE-2019-0708) can affect the Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008 operating systems.
The company underlined the importance of applying patches with the words:
Stay tuned for up-to-date Cyber Security News
Customers are encouraged to identify and update vulnerable systems immediately. Many of these unpatched devices could be unmonitored RDP appliances placed by suppliers and other third-parties to occasionally manage customer systems. BlueKeep can be exploited without leaving obvious traces, customers should also thoroughly inspect systems that might already be infected or compromised.