'BlueKeep' attack hits unpatched Windows 7 PCs

By Staff Writer | 04 Nov 2019 at 07:42hrs
A "BlueKeep" attack which deploys crypto-mining payloads is currently affecting devices running vulnerable versions of Windows.

Security researchers Kevin Beaumont and Marcus Hutchins confirmed that a widespread attack is underway.

Operating systems that are susceptible to the vulnerability include Windows XP, Windows Vista, and Windows 7, as well as Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.

Warning signs

In recent months, security experts anticipated exploits of unpatched Windows systems similar to the WannaCry ransomware attack from 2017.

The first indication of incoming attacks was when Microsoft provided a patch for Windows XP in May 2019 after years of no updates.

The company issued warnings on two occasions that month, urging users with susceptible systems to update or risk falling victim to a wormable Windows vulnerability.

This was followed by an advisory from the US National Security Agency (NSA) recommending Microsoft Windows administrators update their OS.

On 17 June, the Cybersecurity and Infrastructure Security Agency (CISA) also sent out an "update now" alert.

Errata Security reported that in May 2019 there were almost 1 million computers susceptible to the "BlueKeep" attack.

The initial fears of a worm automatically infecting system after system and wiping out data, as was the case in the WannaCry attack, have not materialised.

The perpetrators are currently targeting vulnerable Windows systems that have the Remote Desktop Services (RDP) port 3389 open to the Internet.

This exploit is being used to install cryptocurrency miners, which hog the resources of victims' systems by running in the background.


