Microsoft has reminded users to patch the Windows flaw tracked as BlueKeep and CVE-2019-0708 owing to the high risk of exploitation.
The flaw affects Windows Remote Desktop Services (RDS) and was addressed by Microsoft in its May 2019 Patch Tuesday updates. The company has described the vulnerability as wormable: malware can leverage it to spread in much the same way the infamous WannaCry ransomware did in 2017 through the EternalBlue exploit.
An unauthenticated attacker can use the vulnerability to execute arbitrary code and take control of a device without any user interaction. Microsoft has issued patches for Windows 7, Server 2008, XP and Server 2003.
On Thursday, Microsoft reminded users to update their systems after a researcher reported seeing nearly one million vulnerable devices exposed to the internet.
“Many more within corporate networks may also be vulnerable,” Simon Pope, Director of Incident Response at Microsoft Security Response Center (MSRC), said in a blog post. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise. This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.”
The company says it’s “confident that an exploit exists for this vulnerability” and that although a worm has yet to be seen, that does not mean a piece of malware will not eventually incorporate an exploit for CVE-2019-0708.
“Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible,” Pope said. “It is possible that we won’t see this vulnerability incorporated into malware. But that’s not the way to bet.”
The company has highlighted that the WannaCry ransomware, which caused substantial harm to organizations all over the world, successfully used the EternalBlue exploit approximately two months after the company issued a patch.
Several cybersecurity companies and researchers claim to have already developed proof-of-concept (PoC) exploits for the BlueKeep vulnerability, including ones that achieve remote code execution. Some partial PoC exploits have been made public, and at least two organizations have reported seeing scanning activity targeting CVE-2019-0708.
Companies have been warned that the vulnerability poses a risk to IT networks as well as to industrial and healthcare environments.