The Microsoft Defender ATP Research Team recently released a statement that the BlueKeep attacks discovered on November 2 are, in essence, connected to a cryptocurrency mining campaign that has been active since September and uses the same command and control (C2) server infrastructure.

BlueKeep is an unauthenticated remote code execution vulnerability in Remote Desktop Services that affects widely deployed Microsoft products such as Windows 7, Windows Server 2008 and Windows Server 2008 R2. Microsoft released a patch for it on May 14.

However, a series of newly recorded reports shows this vulnerability is being exploited again, prompting the Microsoft Defender ATP Research Team to issue a notice calling on users to immediately deploy patches to Windows systems vulnerable to BlueKeep.

Microsoft forecasts that hackers will take advantage of BlueKeep to deploy more dangerous and complex attacks in the near future: "BlueKeep will be used by hackers as a factor to help deploy more malicious payloads more efficiently, and thus cause greater damage than the previous cryptocurrency miners that abused it."


After collecting and analyzing Indicators of Compromise (IoC) as well as other related data, Microsoft security researchers found that the earlier cryptocurrency mining operation in September was closely tied to the infrastructure of the single C2 server used in the BlueKeep Metasploit campaign in October. This indicates that the same hackers orchestrated the cryptocurrency mining attacks and eventually combined them with BlueKeep to deploy more sophisticated malicious activity.

BlueKeep will remain a threat until users install the latest patch and the overall security posture of their systems is tightly controlled.

You can visit the address below to find more information about security patches released by Microsoft to deal with current security vulnerabilities, including BlueKeep:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708