Wednesday, May 7, 2025
HomeComputer SecurityMicrosoft Warned Second Time to Update Windows for Bluekeep RDP Flaw -...

Microsoft Warned Second Time to Update Windows for Bluekeep RDP Flaw – Exploits Already Available in Hackers Hand

Published on

SIEM as a Service

Follow Us on Google News

Its a second time Microsoft urged users to update the recently patched Warmable BlueKeep Remote desktop protocol vulnerability due to the seriousness of this flaw let the hackers perform WannaCry level Attack.

Microsoft already warned first on May 14 when they released a patch for a critical Remote Code Execution vulnerability, CVE-2019-0708.

We have reported about “Bluekeep vulnerability” earlier this week. Successful exploitation of this vulnerability, allows an attacker to execute arbitrary code on the windows machine and to install programs on the machine with elevated privileges.

- Advertisement - Google News

Since the vulnerability is ‘wormable,’ that means, any future malware that exploits this vulnerability could propagate from vulnerable computer to another vulnerable computer.

“This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights. ”

Microsoft strongly believes that the attackers already prepared an exploit for this RDP flaw, and soon they will start similarly attacking the vulnerable systems as the WannaCry malware spread across the globe in 2017.

A recent analysis revealed that more than one million PCs on the public internet are still vulnerable to wormable, BlueKeep RDP flaw.

Robert Graham conducted an RDP scan looking for port 3389 used by Remote Desktop to find the possible vulnerable machines. He discovered that 923,671 machines are still vulnerable.

McAfee, Kaspersky, Check Point, and MalwareTech created a Proof-of-Concept (PoC) that would use the CVE-2019-0708 vulnerability that could remotely execute the code on the victim’s machine.

Many Corporate networks are vulnerable

Microsoft also believes many of the corporate networks are still vulnerable, and they are more vulnerable than individual users since there are many systems connected in a single network.

By compromise the single system in a corporate network, an attacker could use it as a potential gateway and compromise the vulnerable computers in the entire network that connected with the internet across the enterprise.

Microsoft released a statement that says, This scenario could be even worse for those who have not kept their internal systems updated with the latest fixes, as any future malware may also attempt further exploitation of vulnerabilities that have already been fixed.

To keep this all the facts in mind, Microsoft strongly advise that all affected systems should be updated as soon as possible.

Mitigations

  • Block Remote Desktop Services if they are not in use.
  • Block TCP port 3389 at the Enterprise Perimeter Firewall.
  • Apply the patch to the vulnerable Machines that have RDP Enabled

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...

CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI...

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using...

Microsoft 365 Copilot and Office Apps Now Protected by SafeLinks at Click Time

Microsoft announced a major update aimed at bolstering the cybersecurity of its flagship AI-powered...