BlueKeep vulnerability exploit attacks example really there.
(Source: fossbytes.com )
BlueKeep is a high-risk vulnerabilities were discovered in May of this year , it can use Windows Remote Desktop Services (RDS) to spread malicious programs, similar to the way in 2017 with the eternal blue and raging WannaCry ransomware. An attacker could exploit this vulnerability to execute arbitrary code, and send a special request by the Remote Desktop Protocol (the RDP), to the control computer without the need for user interaction.
Earlier reports said there is BlueKeep high-risk vulnerabilities nearly 1 million devices a security risk, according to the scanning BinaryEdge, there are still risks 700 000 equipment , and most of them come from China!
This is a very terrible vulnerability, use is also more difficult, the industry had security personnel only released a few simple PoC (proof of concept) script. Researchers believe that some people use BlueKeep launch a global attack just a matter of time, now, according to fossbytes reports , we saw the first case of the use of BlueKeep attack case really there.
Security researcher Kevin Beaumont found BlueKeep vulnerabilities first attack instance , he uses honeypot detected BlueKeep attacks, "honeypot" can be simply understood as the security industry's "fishing law enforcement", the layout of deliberately setting a has loopholes environment allow an attacker to invade, while making the appropriate record and tracking measures.
The first attack scanned the Internet and encryption currency miners infected a vulnerable system. So far, there is no clear evidence or data theft, there is no sign of an automatic transmission or "worm" action.
评论里也有其他安全研究人员表示观察到了 BlueKeep 利用实例,不过 Jake Williams 表示 BlueKeep:
- 不是蠕虫
- 目前补丁已经打得差不多了,或者漏洞没有那么大的威胁
从研究人员的说法来看,BlueKeep 似乎没有此前被认为的可怕,比如它根本也不是蠕虫,这样感染能力就被大大打了折扣。
值得注意的是,此前微软已经发布的针对该漏洞的补丁,覆盖了 Windows 7 到 Windows 10 的主要版本。