Microsoft warns of Windows BlueKeep attacks
The Microsoft Defender ATP Research Team recently released a statement that the BlueKeep attacks discovered on November 2 are, in essence, connected to a public campaign that has been mining cryptocurrency since September, using the same command-and-control (C2) server infrastructure.
BlueKeep is an unauthenticated remote code execution vulnerability affecting Remote Desktop Services on widely used Microsoft products such as Windows 7, Windows Server 2008 and Windows Server 2008 R2. The company released the patch on May 14.
However, this vulnerability is showing signs of returning, with a series of newly recorded reports prompting the Microsoft Defender ATP Research Team to issue a notice calling on users to immediately deploy patches to Windows systems that are vulnerable to BlueKeep.
Microsoft forecasts that hackers will take advantage of BlueKeep to deploy more dangerous and complex attacks in the near future: "BlueKeep will be used by hackers as a factor to help deploy more malicious, more efficient payloads, thus causing greater damage than the previous cryptocurrency miners."
After collecting and analyzing Indicators of Compromise (IoC) as well as some other related data, Microsoft security researchers found that an earlier cryptocurrency mining operation in September was closely related to the infrastructure of the C2 server used in the BlueKeep Metasploit campaign in October. This shows that hackers first orchestrated cryptocurrency mining attacks and eventually combined them with BlueKeep to deploy more sophisticated malicious activities.
BlueKeep will remain a threat until users install the latest patch and the overall security situation is strictly controlled.
You can visit the address below to find more information about security patches released by Microsoft to deal with current security vulnerabilities, including BlueKeep:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708