  • BlueKeep now being used in attacks – but the sky isn’t falling


    This topic contains 8 replies, has 6 voices, and was last updated by  b 4 days, 23 hours ago.

    • #1998278 Reply

      woody
      Da Boss

      Remember BlueKeep – the “wormable” monster infection that was supposed to take over the Windows world? Two months ago, I warned that there was a worki
      [See the full post at: BlueKeep now being used in attacks – but the sky isn’t falling]

      4 users thanked author for this post.
    • #1998374 Reply

      anonymous

      Just to be clear, the SO update, kb449175 covers this, right?

      • #1998377 Reply

        PKCano
        Da Boss

        That is correct. The May 2019 SO and Rollup cover BlueKeep.

        2 users thanked author for this post.
        • #1998469 Reply

          OscarCP
          AskWoody Plus

          Does that SO patch also disable RDP and port 3389, or is that a separate issue still in need of being taken care of? I understand those actions are recommended to generally improve security when accessing the Internet, but are they already also “covered” somehow, by that patch, at least as far as the BlueKeep threat goes, or do we have to do something about it as well, because of BlueKeep?

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

          • #1998481 Reply

            PKCano
            Da Boss

            I believe RDP is disabled by default. But you can verify it at:
            Control Panel\System\System Properties on the Remote tab.
            But the support page for 2019-05 Security-only Quality Update KB4499175 doesn’t mention anything specifically about closing any port.

            1 user thanked author for this post.
          • #1998487 Reply

            warrenrumak
            AskWoody Plus

            There’s no way Microsoft would release a security-only patch that would disable RDP and/or close the firewall port.  No way whatsoever.
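
A local check for the three points raised in the replies above: whether KB4499175 is installed, whether Remote Desktop is enabled (the setting behind the Remote tab), and whether the RDP port is listening. This is an added example, not part of any post in the thread; it assumes Windows 7 SP1 with the built-in PowerShell 2.0, an elevated prompt and the default registry locations, and the variable names are illustrative.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell prompt.
$kb = 'KB4499175'   # 2019-05 Security-only update named in the thread

# 1. Is the Security-only update installed?
#    Caveat: a machine patched with the May 2019 Monthly Rollup (or a later
#    rollup) is also covered but will not list this KB, so "False" here
#    means "check the rollup history", not "unpatched".
$hotfix = Get-HotFix | Where-Object { $_.HotFixID -eq $kb }

# 2. Is Remote Desktop enabled? This registry value backs the Remote tab:
#    fDenyTSConnections = 1 refuses connections, 0 means RDP is enabled.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

# 3. Which port is RDP configured for (3389 unless changed), and is
#    anything listening on it right now?
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
$port   = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$pattern   = ':{0}\s+.*LISTENING' -f $port
$listening = @(netstat -an | Select-String -Pattern $pattern)

# 4. Is Network Level Authentication required? With NLA on, a client must
#    authenticate before the RDP session setup that BlueKeep targets.
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication

# Summarise. New-Object PSObject is used because it works on PowerShell 2.0.
$report = New-Object PSObject -Property @{
    SecurityOnlyKbInstalled = [bool]$hotfix
    RdpEnabled              = ($deny -eq 0)
    RdpPort                 = $port
    PortListening           = ($listening.Count -gt 0)
    NlaRequired             = ($nla -eq 1)
}
$report | Format-List

# The patch and the RDP setting are independent, as the replies say:
# installing the update does not change any of the values read above.
if ($report.RdpEnabled -and -not $report.SecurityOnlyKbInstalled) {
    Write-Warning "RDP is enabled and $kb is not listed; confirm a May 2019 or later rollup is installed."
}
```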

    • #1998482 Reply

      OscarCP
      AskWoody Plus

      Woody (Home page blog entry): “Thx GoneToPlaid (who just had a Tesla mode named after him).”

      Would that be a “Tesla model”? And if not, what?

      And heartfelt thanks, indeed, to GoneToPlaid! And, whatever has been named after his handle, hearty congrats, I’d imagine, may also be called for! (If it is a “model”, I also hope he is going to be most handsomely paid for the right of Mr. Musk to use his nom de guerre to name one of his company’s cars!)

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W(?) + Mac&Lx

      • #1998551 Reply

        anonymous

        I enjoy the humor references, so took the time to find a reference you can follow up.

        https://en.wikipedia.org/wiki/List_of_Easter_eggs_in_Tesla_products#Spaceballs_and_Ludicrous+

        In the movie Spaceballs, there is only one speed which exceeds ludicrous. As a continuation of Tesla’s use of Spaceballs terminology, future versions of the Model S and Model X, as well as the Tesla Roadster (2020), will include a new mode of acceleration which is even faster than Ludicrous+. This new mode is called “Plaid”.[78][79][80] It may be depicted in the cars, as it is in the movie, by a plaid pattern in space.

        (references for footnotes [78][79][80] included at linked article, with appropriate links)

        1 user thanked author for this post.
    • #2001164 Reply

      b
      AskWoody Plus

      Our machine learning models flagged the presence of the coin miner payload used in these attacks on machines in France, Russia, Italy, Spain, Ukraine, Germany, the United Kingdom, and many other countries.
      The new CVE-2019-0708 RDP exploit attacks, explained (Microsoft Security Blog)

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909
