BlueKeep now being used in attacks – but the sky isn’t falling @ AskWoody

BlueKeep now being used in attacks – but the sky isn’t falling

Posted on November 3rd, 2019 at 07:25 woody Comment on the AskWoody Lounge

Remember BlueKeep – the “wormable” monster infection that was supposed to take over the Windows world?

Two months ago, I warned that there was a working exploit making the rounds.

We finally saw a slightly modified version of that Metasploit exploit used in a for-real infection. Except it isn’t nearly as scary as originally projected, doesn’t operate as a worm, and isn’t exactly taking the world by storm.

Kevin Beaumont found evidence of the infection in some honeypots he set up – but had stopped monitoring.

huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr

— Kevin Beaumont (@GossiTheDog) November 2, 2019

As expected, folks who have either disabled RDP or blocked port 3389 are fine. Still…

Word to the wise: If you haven’t updated your Win7 or Server 2008/Server 2008R2 machine since May, you better get on the stick.

See, there’s a reason why you have to update sooner or later.

Full details from Catalin Cimpanu at ZDNet. Thx GoneToPlaid (who just had a Tesla mode named after him).

UPDATE:

Since publishing, all BlueKeep activity that I could see has stopped.

— Kevin Beaumont (@GossiTheDog) November 4, 2019

Windows Patches/Security BlueKeep

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.