Microsoft is calling on Windows users to update their systems to prevent an attack similar to the crippling WannaCry ransomware event of 2017, after reporting a “wormable” vulnerability in Remote Desktop Services for Windows. The tech company issued its warning on May 20, 2019.
The technology firm states that the vulnerability permits attackers to remotely run code, including malware such as ransomware, on a vulnerable computer. The vulnerability also gives any such malware a path to spread to other computers on the same network, much as WannaCry did across a number of machines, leading to its global spread and subsequent billions of dollars of damage.
On May 14 (Patch Tuesday), Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services (formerly known as Terminal Services). CVE-2019-0708 is better known as BlueKeep. Because of the great damage a virus could cause if this vulnerability is exploited, Microsoft has issued a second notification to Windows users. An attacker who successfully exploits this vulnerability “could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft states: “Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible. It is possible that we won’t see this vulnerability incorporated into malware…. But that’s not the way to bet.”
As for the seriousness of the risk, independent malware researcher Marcus Hutchins tells TechCrunch that it took him “an hour to figure out how to exploit the vulnerability” and four days to develop working exploit code. In other words, if you run Windows, install the patch.