  • Even though there’s a BlueKeep exploit for sale, it doesn’t work very well – doesn’t propagate, for example



    This topic contains 4 replies, has 5 voices, and was last updated by  PKCano 3 weeks, 3 days ago.

    • #1896165 Reply

      woody
      Da Boss

      Catalin Cimpanu wrote in ZDNet on Friday that there’s a “weaponized” BlueKeep exploit available if you have the cash. (More BlueKeep info here.) There
      [See the full post at: Even though there’s a BlueKeep exploit for sale, it doesn’t work very well – doesn’t propagate, for example]

    • #1896407 Reply

      EstherD
      AskWoody Plus

      Any evidence that BlueKeep is exploitable if RDP / remote access is turned OFF? I haven’t seen any, though I freely admit to not having looked very hard recently.

      It’s easy to do. Doesn’t even require hand-to-hand combat with the registry. Seems to me that turning this feature off should be on everyone’s security ToDo list. (Except for those who KNOW that they need to use it, of course.)

    • #1896741 Reply

      Microfix
      Da Boss

      Posted pointing to a good borncity article 1894439 on the other BlueKeep thread.

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #1897187 Reply

      anonymous

      Maybe this belongs in the Rant area.

      BlueKeep remains suspicious to me.

      1. No single patch for just Bluekeep. I will not go the all route either in Security or Complete Patches. If Bluekeep is so bad, why not just a patch for that? That way almost no bugs. It should basically be a matter of just replacing one DLL.
      2. The patch that is suggested for Bluekeep comes with Telemetry. Microsoft instead of making sure all get patched for Bluekeep, instead is still playing their game of Time to get win 10 on your system. 10 is not going to happen here. MS should know that. They should be trying to head off the worm, but instead are playing games and getting others to say no thank you to patching.
      3. Bluekeep has been officially around since May (almost three months) and still no real worms have been seen. By the way, one place where Remote Desktop makes sense (and IMO the only place) is diagnosis. Why else would one give others use of YOUR computer to a remote user?

      • #1897276 Reply

        PKCano
        Da Boss

        The patch that is suggested for Bluekeep comes with Telemetry. Microsoft instead of making sure all get patched for Bluekeep, instead is still playing their game of Time to get win 10 on your system.

        That is incorrect.

        Previous to Sept 2018, KB2952664 (Compatibility Appraiser) was a separate unique patch.

        + The May Monthly Rollup and Security-only Update contain the fix for BlueKeep.
        + The May Security-only Update DOES NOT contain telemetry.
        + The July Security-only Update DOES contain telemetry (KB2952664 functionality = Compatibility Appraiser) and DOES NOT contain the fix for BlueKeep.
        + Telemetry (KB2952664 functionality = Compatibility Appraiser) was introduced in the Sept 2018 Rollup Preview and in the Oct 2018 Monthly Rollup.
