Ever since the Shadow Brokers released EternalBlue, an exploit built by the National Security Agency, the world's most advanced hacking organization, in April 2017, Remote Desktop Services have been increasingly exposed to wormable ransomware that spreads through self-propagating code.
After the WannaCry ransomware plague of 2017, Microsoft says it is "confident" that another such exploit exists in the wild. Tracked formally as CVE-2019-0708, the BlueKeep flaw is estimated to affect about one million internet-facing machines, and according to Errata Security CEO Rob Graham, that figure could be only a fraction of the real number.
The BlueKeep flaw is wormable, which means malware exploiting it can self-replicate and infect internet-connected devices with zero user interaction. An attacker can run arbitrary code on the Remote Desktop Services host, which can then be used to install malware, steal private data, or lock the system down with ransomware. The outcome could be as damaging as WannaCry, or worse.
Going beyond its usual support policy, Microsoft has issued an emergency notice urging users of Windows XP, Windows Server 2003 and Windows Vista to update their systems, even though those versions left support five, four and two years ago respectively. Devices running Windows 7 or a later version remain protected as long as they receive regular security updates.
Two weeks after the notice, no device has yet been confirmed infected by malware exploiting the flaw; the one-million estimate still rests on supposition.
According to Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC):
“Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.”
MS17-010, the patch for the flaw WannaCry exploited, proved effective in securing systems two months after the threat was detected. The risk lay in the version of SMBv1 in use at the time.
Unless their systems are patched or protected by Network Level Authentication (NLA), users of vulnerable systems are advised not to expose Remote Desktop Services to the internet.
The BlueKeep flaw poses a serious risk for institutional devices that continuously record and store data at banks, transportation hubs, docks, hospitals, universities and enterprises. What matters most is quick detection of exposed, unpatched hosts, since a single device can provide the gateway to a whole network of systems.
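The two mitigations named above (patch, or at least require NLA, and keep RDP off the internet) can be audited on a Windows host from an elevated PowerShell session. The script below is an added example written for this article, not code from Microsoft or the advisory; the registry values and cmdlets it uses are standard Windows ones, but the `$BlueKeepKb` value is a placeholder that must be replaced with the KB number Microsoft lists for your OS in the CVE-2019-0708 advisory, and the `-Remediate` switch is this script's own convention.

```powershell
# Added example: audit a Windows host for BlueKeep (CVE-2019-0708) exposure.
# Run elevated. With -Remediate, turns on NLA if RDP is enabled without it.
param([switch]$Remediate)

$BlueKeepKb = 'KBXXXXXXX'   # PLACEHOLDER: not a real KB id; take it from Microsoft's advisory

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$result = [ordered]@{}

# 1. Is Remote Desktop enabled at all? fDenyTSConnections = 1 means RDP is off.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$result.RdpEnabled = ($deny -eq 0)

# 2. Is NLA required? UserAuthentication = 1 means a client must authenticate
#    before the pre-authentication code path BlueKeep abuses is reachable.
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$result.NlaRequired = ($nla -eq 1)

# 3. Which port does RDP use, and on which addresses is it listening?
#    A listener on 0.0.0.0 on an internet-facing host is the exposure the article warns about.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
$result.RdpPort   = $port
$result.Listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty LocalAddress

# 4. Is the fix installed? Get-HotFix only sees updates applied through Windows Update or WUSA.
$result.PatchInstalled = [bool](Get-HotFix -Id $BlueKeepKb -ErrorAction SilentlyContinue)

# 5. Enabled inbound firewall rules that allow the RDP port from any remote address.
$result.OpenFirewallRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$port" } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' } |
    Select-Object -ExpandProperty DisplayName

[pscustomobject]$result | Format-List

# Remediation the article recommends when a host cannot be patched immediately: require NLA.
if ($Remediate -and $result.RdpEnabled -and -not $result.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA; enabling NLA.'
    # Use the Terminal Services WMI class so the change takes effect without a reboot.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $ts.SetUserAuthenticationRequired(1) | Out-Null
}
```

The `Get-Net*` cmdlets exist on Windows 8 / Server 2012 and later; on the out-of-support XP, 2003 and Vista hosts the article singles out, read the two registry values by hand and inspect `netstat -an` instead. NLA is a stopgap, not a substitute for the patch: it blocks unauthenticated connections, but an attacker holding valid credentials still reaches the vulnerable code, so a host with `PatchInstalled` false and any entry in `OpenFirewallRules` should be pulled off the internet until it is updated.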