BlueKeep Attacks Crash Systems Due to Meltdown Patch
Quote: The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines.
 
The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches, including for unsupported versions of Windows, in May.
 
The BlueKeep attacks used an exploit based on a Metasploit module released in September. While the attackers attempted to deliver a Monero miner, the exploit caused many of the targeted systems to crash, which actually led to researchers discovering the attacks.
 
Researcher Sean Dillon, aka zerosum0x0, who is one of the developers of the BlueKeep Metasploit module, has conducted an analysis and determined that the exploit likely causes devices to crash due to the presence of a patch for the Intel CPU vulnerability known as Meltdown. Dillon said his BlueKeep exploit development setup did not have the Meltdown patch installed, which is why he did not observe the crashes.
 
The researcher has proposed a fix that should make the exploit more reliable. In the meantime, Kevin Beaumont, the expert whose honeypots caught the BlueKeep exploitation attempts, says he has deployed more sensors, including ones that have been configured to make exploitation more stable. However, he stopped seeing attacks three days ago.

Read more: https://www.securityweek.com/bluekeep-at...down-patch