In June, Microsoft (and the NSA) implored organizations to patch now for CVE-2019-0708 which had been released in May. This urging harkened back to May 2017, when unpatched systems were infected with WannaCry, the EternalBlue worm that spread through Server Message Block (SMB). CVE-2019-0708, a worm better known as “BlueKeep,” affects Remote Desktop Services (RDP) residing on earlier versions of Windows, including Windows 2003 and XP, Vista 7, Server 2008 R2, and Server 2008. Similar to 2017, Microsoft issued a patch months ago, prior to any known working exploits in the wild. While still an urgent patch now prioritization, there was not a publicly available exploit – until now. On Friday, a working, albeit not polished, exploit was released on Metasploit, an open-source vulnerability exploit framework used by good guys and bad guys alike. This new BlueKeep exploit has the ability to dump credentials used to connect to other computers. In other words, the exploit requires the compromise of only one vulnerable device that could be used to further spread the worm across a network of otherwise fully patched computers without any user interaction. For organizations that struggle with patch management and prioritization, consider this rule of thumb – when Microsoft issues a security update for long ago end-of-life/unsupported operating systems, do not delay. For more discussion on patching and vulnerability management, download (if you haven’t already) WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities from https://www.waterisac.org/fundamentals. Read the post at ArsTechnica
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!