
A million devices still vulnerable to wormable RDP hole – Naked Security



An internet-wide scan has revealed almost one million devices vulnerable to BlueKeep, the Windows vulnerability that has the security community on high alert this month.

BlueKeep is better known as CVE-2019-0708, a vulnerability that Microsoft announced in its May Patch Tuesday release that affects Windows Remote Desktop Services, accessible via the RDP protocol. It allows remote code execution and is wormable, meaning that a compromised Windows machine could seek out and infect other vulnerable devices with no human interaction. Worms can spread quickly online, as we saw with the WannaCry ransomware exploit in 2017.

BlueKeep affects Windows XP, Vista, and 7 machines, but not Windows 8 or 10 boxes. The older versions make up around 35% of Windows installations, according to Statcounter. The flaw also affects Windows Server 2003 and 2008.

Security researcher Rob Graham ran a two-part scanning project to find out how many machines were vulnerable to this worrying flaw. He started by scanning the entire internet with a mass-scanning tool to find all devices responding on port 3389, the port most commonly used for RDP.

Then, he honed the results by forking a BlueKeep scanner project that ended up in the Metasploit pen testing tool last week. His fork created rdpscan, a tool designed to iterate over a large set of addresses looking for machines vulnerable to BlueKeep exploits.

He did this via Tor, but he probably wasn't the person who caused a spike in RDP scans via the anonymous onion routing service last week:

That's far more machines vulnerable to BlueKeep than there were vulnerable to the flaw that enabled WannaCry to spread around the globe in a day.

Kevin Beaumont, the security researcher who gave BlueKeep its nickname, pointed out that the number of machines exposed to the internet via RDP is just the tip of the iceberg: