BlueKeep now being used in attacks – but the sky isn’t falling
Remember BlueKeep – the “wormable” monster infection that was supposed to take over the Windows world?
Two months ago, I warned that there was a working exploit making the rounds.
We finally saw a slightly modified version of that Metasploit exploit used in a for-real infection. Except it isn’t nearly as scary as originally projected, doesn’t operate as a worm, and isn’t exactly taking the world by storm.
Kevin Beaumont found evidence of the infection in some honeypots that he had set up but had stopped monitoring.
huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr
— Kevin Beaumont (@GossiTheDog) November 2, 2019
As expected, folks who have either disabled RDP or blocked port 3389 are fine. Still…
Word to the wise: If you haven’t updated your Win7 or Server 2008/Server 2008R2 machine since May, you better get on the stick.
See, there’s a reason why you have to update sooner or later.
Full details from Catalin Cimpanu at ZDNet. Thx GoneToPlaid (who just had a Tesla mode named after him).
UPDATE:
Since publishing, all BlueKeep activity that I could see has stopped.
— Kevin Beaumont (@GossiTheDog) November 4, 2019