Last week Microsoft released a patch for CVE-2019-0708 (BlueKeep), a vulnerability that enables attacks similar to WannaCry, which affected thousands of computers worldwide.

The bug affects Remote Desktop Services, previously known as Terminal Services. Although the company has not recorded attacks that use this vulnerability, a number of Internet security experts confirmed that it can be exploited for remote code execution and developed working PoC exploits.
In particular, this was confirmed by Chaouki Bekrar, founder of Zerodium, a company that specializes in buying and selling exploits. According to him, the vulnerability works remotely without authorization and allows privilege escalation on the vulnerable platforms: Windows Server 2008, Windows 7, Windows 2003 and XP.
A security researcher using the nickname Valthek reported creating working PoC code, though he did not disclose details of his exploit.
McAfee specialist Christiaan Beek confirmed that the code works. Without going into technical details, Beek noted that the PoC allowed remote code execution on Windows XP.
“After many hours @Valthek was able to get a working PoC for this. We are not going to reveal technical details or release code. We urge everyone to PATCH – it is really nasty…”, reported Christiaan Beek.
According to him, the vulnerability is linked to the Remote Desktop Protocol, so users are advised to disable the protocol if it is not in use and to download the patch.
Microsoft specialists emphasize that attackers may develop a working exploit for this vulnerability and add it to malware, so users are strongly advised to install the patch.
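The advice to disable Remote Desktop where it is not used can be checked and applied per host. The PowerShell script below is an added example, not code from the article or from Microsoft: it reports whether the local machine is one of the platforms named above and whether it accepts RDP connections, and turns RDP off when run with `-Disable` (a switch name chosen for this example). It does not check patch status, because the article gives no update identifier.

```powershell
# Added example: audit, and optionally disable, inbound Remote Desktop on this host.
param([switch]$Disable)   # -Disable is a name chosen for this example

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Platforms the article names as vulnerable, matched against the OS caption.
$named   = 'Windows XP', 'Server 2003', 'Windows 7', 'Server 2008'
$caption = (Get-WmiObject Win32_OperatingSystem).Caption -replace '\(R\)|\(TM\)|[^\x20-\x7E]', ''
$isNamed = [bool]($named | Where-Object { $caption -like "*$_*" })

function Get-RdpState {
    # fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

    $svc    = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $status = 'not found'
    if ($svc) { $status = "$($svc.Status)" }

    # 3389 is the default RDP port; a host with a changed port will not match.
    # The LISTENING keyword assumes English-language netstat output.
    $listening = [bool](netstat -an | Select-String ':3389\s.*LISTENING')

    New-Object PSObject -Property @{
        OS             = $caption
        NamedInArticle = $isNamed
        RdpEnabled     = ($deny -eq 0)
        ServiceStatus  = $status
        Listening3389  = $listening
    }
}

$state = Get-RdpState
if ($Disable -and $state.RdpEnabled) {
    # Requires an elevated session.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    $state = Get-RdpState
}
$state
```

A host that reports `NamedInArticle` and `RdpEnabled` both true is the case the recommendation is aimed at.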