New Security Flaw from Windows Update brings back bad memories of WannaCry Malware.
Microsoft has had massive issues with Security and System Fixes which isn’t a big surprise but the past couple of months when they do release a new update, users have been experiencing either their Windows freezing up or unexpected restarts. Davey Winder, a contributor for Forbes Cyber Security News mentions a new security threat that could damage computers and be costly as WannaCry was Two Years ago.
Microsoft issued the warning on their Security Response Blog, which refers to CVE-2019-0708; A Remote Code Execution Vulnerability that has become known as the BlueKeep. The Director of Incident Response for Microsoft, Simon Pope stated that he believed that Microsoft was Confident that there is an exploit that existed for this vulnerability, it could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. An Internet-Scale Port Scanner determined that the 923,671 Internet-facing Machines are vulnerable to BlueKeep on Port 3389, which was being used for Microsoft’s Remote Desktop Feature.
Does Microsoft really have confidence in a possible BlueKeep Exploit? It isn’t clear that the Company doesn’t have the intelligence that suggested that the Malware has been weaponized in that way, As David Winder mentioned before that there is a PoC (Proof of Concept) code that is available. You can already count on there being a DoS exploit available and researchers have been successful in developing wormable exploit codes.
“Windows 8 and Windows 10 users are not impacted by this vulnerability, Windows 2003, Windows XP and Windows Vista all are. Despite all of those vulnerable systems being unsupported for some years, Microsoft made the patch available to users which shows just how concerned it is by the “WannaCry 2″ threat. Windows 7 and Windows Server 2008 are also vulnerable.”Derek Winder
Thanks for reading! If you have any suggestions, news tips, or questions, email them to: firstname.lastname@example.org.