Security Alert: A critical vulnerability in Microsoft RDP could lead to another Wanna
Quote:

Here is what you need to do to stay safe

A network detection rule/signature provided by NCCgroup concerning CVE-ID CVE-2019-0708, which occurs in RDP implementations down to Windows XP, has just been released.

Our experts have credible intelligence to support that this vulnerability could be exploited in less than a week, potentially producing the same amount of damage as we have seen in the case of self-replicating code like WannaCry and the older Conficker worm.

As per our intelligence, 8.5% of machines are vulnerable to the attacks. Based on this data, we conclude the impact it could have on organizations worldwide would be devastating.

Our Research & Intelligence team, which monitors underground fora and dark market services, has observed several offers for sale of functional exploit code. One of these offers, in particular, comes from a person who had previously sold 0-day vulnerabilities on the dark market.

We are already in possession of the functional exploit code and we can confirm that it works scarily reliably against vulnerable installations/services.

How does the exploit work and how critical is it?

Although Microsoft has stopped offering support for Windows XP and other older versions since 2014, they released a new patch on May 14, 2019.

Here is the list of vulnerable operating systems:

* Windows 2003
* Windows XP
* Windows 7
* Windows Server 2008
* Windows Server 2008 R2

If exploited, a remote code execution bug in RDP would allow hackers to run code on machines using RDP without them having to authenticate. Once an attacker breaks into a computer this way, they have full control over the machine – no login credentials needed!

The simple fact that you are running RDP could mean the gates to your system are wide open.

This vulnerability could allow access to worms, which are pieces of malware that have the capability to replicate themselves across a network.

We’ve noticed this happen in the past with attacks such as WannaCry and NotPetya and most probably, this RDP vulnerability will lead to another similar cyber disaster.

WannaCry was a ransomware worm that spread around the globe in 24 hours, infecting around 300 million computers in 150 countries at an alarming pace. The National Health Service (NHS) in England and Scotland was one of the first companies affected, and other major victims included Telefonica, Renault, and FedEx.

What’s even more concerning is that the NotPetya outbreak followed shortly after, probably fueled by the it-will-not-happen-to-me mentality and by people not taking matters like these seriously. NotPetya was based on the same EternalBlue exploit, and the activity of giant organizations such as Maersk and Ukraine’s central bank was disrupted.

This proves that the lack of regular patching of outdated systems and people not learning their lessons remain fundamental problems.