News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Heads up: There’s a working, free (but stunted) BlueKeep exploit making the rounds

    Posted on September 6th, 2019 at 13:23 woody Comment on the AskWoody Lounge

    Remember BlueKeep? That’s the wormable hole in Windows Remote Desktop. We’ve talked about it a lot since it first came up in May.

    @NetDef just posted a link to Kevin Beaumont’s tweet:

    If you haven’t patched since May — or if you’re installing manual, security-only patches and somehow skipped May — get off your duff now.

    Details in Computerworld Woody on Windows.

    UPDATE: Kevin says he wouldn’t call it “defanged” — and he has a good point. I probably should’ve called it “unable to reproduce.” But don’t let that keep you from getting patched.

    UPDATE: Good coverage from Catalin Cimpanu at ZDnet.

    ANOTHER UPDATE: The released exploit “only works against 64-bit versions of Windows 7 and Windows 2008 R2, but not the other Windows versions that were also vulnerable to BlueKeep,” per Cimpanu.

    ANOTHER UPDATE: From Kevin