Bluekeep exploit: new global infection

Bluekeep exploit

Bluekeep labeled in the bulletin of critical issues as CVE-2019-0708, for those who had not yet had the pleasure of knowing it, represents a flaw in the RDP protocol to establish remote desktop connections on port 3389 for Windows operating systems such as Windows XP, Vista, Server 2003, 7, Server 2008 and 2008 R2 .... in short, a big problem if we think of old machines that you still find in companies today

The problem lies in the Windows kernel driver called termdd.sys which manages the 32 virtual channels that are created in the RDP connection between client and server: this criticality allows a potential attacker to falsify a specific channel, the number 31 called MS_T210, through which the attacker himself can establish a remote connection, create a Heap memory corruption and thus be able to force the system to execute arbitrary code.

We are in the presence of something dangerous as much as EternalBlue has been and that already allows the return of Ransomware mass infections like Petya or WannaCry and the ability to bring entire companies to their knees on a global scale appears concrete, if there is no attention to updates through the security patch that Microsoft has made available from May 14th.

 RICHIEDI UNA CONSULENZA 

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input