There are enough exploit development people in private who have RCE now (or very close) to say this is very likely to become a public exploit in the near term.
-
There’s been a crowdsourced exploit development process with a sprinkle of reused nation state hacking ideas and basically the barrier to entry to exploit this is crumbling. Keep calm and patch on - maybe a bit faster.
-
There’s no public remote code execution exploit for this. Levels of scanning for both the vulnerability and RDP have actually dropped down over last few days.
-
Kevin Beaumont Retweeted Bad Packets Report
There is limited scanning for BlueKeep vulnerability. There is no public remote code execution PoC. https://twitter.com/bad_packets/status/1132970504023764992?s=21
Kevin Beaumont added,
-
In terms of data, almost every RDP scan for BlueKeep uses TLS (end-to-end encryption) currently, so if you’re not seeing it much in your IDS, that would be why.
-
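The tweet above explains why signature-based IDS sees little of this scanning: once the client asks for TLS, everything after the X.224 Connection Request is inside a TLS record. The one thing that always stays in cleartext is that first Connection Request, which carries the client's requestedProtocols flags. The following Python is an added example, not code from the thread or from any of the people quoted in it; it parses that packet per the MS-RDPBCGR layout and reports whether TLS or CredSSP was requested, so a defender can at least count TLS-negotiating RDP sessions from a packet capture even when the later PDUs are opaque. The sample packets, the cookie value and the function names are constructed for the example.

```python
"""Added example: classify the cleartext X.224 Connection Request that opens
every RDP session by the security protocol the client asked for.
Field layout follows MS-RDPBCGR 2.2.1.1 (TPKT + X.224 CR + optional cookie +
optional RDP_NEG_REQ). Sample packets below are constructed, not captured."""
import struct
from typing import Optional

# requestedProtocols flags of RDP_NEG_REQ (MS-RDPBCGR 2.2.1.1.1)
PROTOCOL_RDP = 0x00000000        # standard RDP security, no TLS
PROTOCOL_SSL = 0x00000001        # TLS
PROTOCOL_HYBRID = 0x00000002     # CredSSP (NLA) inside TLS
PROTOCOL_RDSTLS = 0x00000004
PROTOCOL_HYBRID_EX = 0x00000008
PROTO_NAMES = {
    PROTOCOL_SSL: "PROTOCOL_SSL",
    PROTOCOL_HYBRID: "PROTOCOL_HYBRID",
    PROTOCOL_RDSTLS: "PROTOCOL_RDSTLS",
    PROTOCOL_HYBRID_EX: "PROTOCOL_HYBRID_EX",
}
TLS_MASK = PROTOCOL_SSL | PROTOCOL_HYBRID | PROTOCOL_RDSTLS | PROTOCOL_HYBRID_EX
TYPE_RDP_NEG_REQ = 0x01


def parse_x224_connection_request(pkt: bytes) -> dict:
    """Return the cookie/routing token and requestedProtocols (None if the
    client sent no RDP_NEG_REQ, i.e. a legacy standard-security client)."""
    if len(pkt) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Request")
    version, _reserved, tpkt_len = struct.unpack("!BBH", pkt[:4])
    if version != 3 or tpkt_len != len(pkt):
        raise ValueError("bad TPKT header")
    length_indicator, tpdu_code = pkt[4], pkt[5]
    if tpdu_code & 0xF0 != 0xE0:            # CR TPDU code is 1110xxxx
        raise ValueError("not an X.224 Connection Request")
    # fixed part after LI: code(1) dst-ref(2) src-ref(2) class(1) = 6 bytes
    variable = pkt[11:]
    if length_indicator != 6 + len(variable):
        raise ValueError("X.224 length indicator mismatch")
    cookie = None
    if variable.startswith(b"Cookie:"):     # "Cookie: mstshash=..." or routing token
        end = variable.find(b"\r\n")
        if end < 0:
            raise ValueError("unterminated cookie")
        cookie = variable[:end].decode("ascii", "replace")
        variable = variable[end + 2:]
    requested = None
    if variable[:1] == bytes([TYPE_RDP_NEG_REQ]):
        if len(variable) < 8:
            raise ValueError("truncated RDP_NEG_REQ")
        _type, _flags, neg_len, requested = struct.unpack("<BBHI", variable[:8])
        if neg_len != 8:
            raise ValueError("RDP_NEG_REQ length must be 8")
    return {"cookie": cookie, "requested_protocols": requested}


def classify(pkt: bytes) -> dict:
    """Add a human-readable protocol list and a tls_requested verdict.
    With standard RDP security the MCS Connect Initial (channel list and all)
    follows in cleartext; with TLS requested and accepted it does not."""
    info = parse_x224_connection_request(pkt)
    req = info["requested_protocols"]
    if req is None:
        names = []                              # no negotiation: legacy client
    elif req == PROTOCOL_RDP:
        names = ["PROTOCOL_RDP"]
    else:
        names = [n for bit, n in PROTO_NAMES.items() if req & bit]
    info["protocols"] = names
    info["tls_requested"] = req is not None and (req & TLS_MASK) != 0
    return info


def build_connection_request(cookie: Optional[bytes],
                             requested_protocols: Optional[int]) -> bytes:
    """Construct a well-formed Connection Request (used only to make the
    sample packets below; values are invented for the example)."""
    variable = b""
    if cookie is not None:
        variable += cookie + b"\r\n"
    if requested_protocols is not None:
        variable += struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    x224 = struct.pack("!BBHHB", 6 + len(variable), 0xE0, 0, 0, 0) + variable
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224


# Constructed samples: a modern client asking for TLS+CredSSP, and a legacy
# client that sends only a cookie and no RDP_NEG_REQ.
TLS_REQUEST = build_connection_request(b"Cookie: mstshash=user0",
                                       PROTOCOL_SSL | PROTOCOL_HYBRID)
LEGACY_REQUEST = build_connection_request(b"Cookie: mstshash=user0", None)

if __name__ == "__main__":
    for label, pkt in (("tls", TLS_REQUEST), ("legacy", LEGACY_REQUEST)):
        print(label, classify(pkt))
```

The verdict is only what the client asked for; the server's X.224 Connection Confirm decides what is actually used, so in a capture pair this with the selectedProtocol in the confirm before trusting the count.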
Kevin Beaumont Retweeted Robᵉʳᵗ Graham 😷
Rob estimates around a million directly internet-connected systems with RDP open are still vulnerable to BlueKeep. https://twitter.com/erratarob/status/1133317346016284672?s=21
Kevin Beaumont added,
-
Spoiler: it will be way, way higher when you get to systems inside organisations.
-
A warning re CVE-2019-0708 aka BlueKeep. There is a significantly higher number of internet-accessible devices vulnerable to this than were vulnerable to MS17-010 during WannaCry. I have scan results from back then using @zerosum0x0’s scanner (they also wrote the BlueKeep scanner).
-
I guess my message to the security community is: be very careful to continue to not expose any remote code execution code in public or even in private, because this has the potential to be extremely messy. The numbers need to come way down.
-
There are a couple of public blue screen proof of concepts for this now. Haven't seen any used in the wild yet. They do not allow code execution.
-
I'm kinda surprised there aren't any idiots going around DoSing everyone with RDP exposed.
Netherlands 3,652
Russia 2,376
China 2,209
United States 537
South Korea 293
Germany 179
Vietnam 168
Canada 63
Greece 54
Latvia 19
All Other Countries 36