Date: 2025-05-19
from the maybe-we-*should*-be-worried dept.
It has been nine days since Microsoft patched the high-severity vulnerability known as BlueKeep, and yet the dire advisories about its potential to sow worldwide disruptions keep coming.
Until recently, there was little independent corroboration that exploits could spread virally from computer to computer in a way not seen since the WannaCry and NotPetya worms shut down computers worldwide in 2017. Some researchers felt Microsoft has been unusually tight-lipped with partners about this vulnerability, possibly out of concern that any details, despite everyone's best efforts, might hasten the spread of working exploit code.
Until recently, researchers had to take Microsoft's word the vulnerability was severe. Then five researchers from security firm McAfee reported last Tuesday that they were able to exploit the vulnerability and gain remote code execution without any end-user interaction. The post affirmed that CVE-2019-0708, as the vulnerability is indexed, is every bit as critical as Microsoft said it was.
"There is a gray area to responsible disclosure," the researchers wrote. "With our investigation we can confirm that the exploit is working and that it is possible to remotely execute code on a vulnerable system without authentication."
https://arstechnica.com/information-technology/2019/05/why-a-windows-flaw-patched-nine-days-ago-is-still-spooking-the-internet/
https://arstechnica.com/information-technology/2019/05/microsoft-warns-wormable-windows-bug-could-lead-to-another-wannacry/
Entry in the "Common Vulnerabilities and Exposures" database: CVE-2019-0708.
(Score: 2) by Runaway1956 on Saturday May 25, @07:17AM
Upgrade to *nix and stop worrying.
(Score: 2) by shortscreen on Saturday May 25, @07:23AM (1 child)
TFS doesn't say RDP but this sounds like the RDP vulnerability that I read about the other day.
Windows 2000 workstation doesn't have the RDP service so it looks like I'm going to miss out on this party :( Although since MS went to the trouble of releasing a patch for XP, I downloaded the patches in case I feel like updating my two laptops that came with different versions of Windows. But they're on the other side of the NAT so I guess no RDP packets are coming in anyway. (If I don't know what I'm talking about and someone wants to correct me that's fine too. It was always said that the quickest way to get information on USENET was to post something horribly wrong and then wait for the corrections to flood in.)
(Score: 2) by RS3 on Saturday May 25, @08:04AM
You're probably okay if you're using a typical recent home gateway (router). You likely have "firewall" which means no ports are open to the Internet by default. Many gateways have pre-programmed packages of ports you can turn on for gaming, nanny-cams, etc. If you know how to get into the admin of the gateway, you can and should check this.
There's NAT in and a separate NAT out. You can have no open ports to the Internet, but when your computer sends a packet, the gateway will remember and open a port to receive the packets. NAT will translate the IP addresses and port numbers.
And it's very easy to turn RDP off in Windows. You can even disable the services to be sure it's off.
Usually the only worrisome port typically turned on in Windows is SMB / CIFS - Windows file sharing, and having that port open to the Internet would be disastrous if you have "server" or Windows file sharing turned on.
I'm sure others will add (or subtract!) from this...
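The checks suggested in the comment above (is RDP turned on, is its service disabled, is the port actually listening) can be run as a read-only audit. This is an added example, not part of any comment in this thread; it assumes Windows PowerShell 2.0 or later, run locally, with English-language `netstat` output.

```powershell
# Added example: read-only audit of local RDP exposure (changes nothing).
# Assumes Windows PowerShell 2.0+ and English-language netstat output.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections: 1 = Remote Desktop connections refused, 0 = allowed.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
if ($deny -eq $null) { $setting = 'unknown' }
elseif ($deny -eq 0) { $setting = 'enabled' }
else                 { $setting = 'disabled' }

# The listener port defaults to 3389 but can be changed in the registry.
$port = (Get-ItemProperty -Path $tcpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
if (-not $port) { $port = 3389 }

# TermService is the Remote Desktop Services service; WMI exposes both its
# start mode (Auto/Manual/Disabled) and its current state.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='TermService'" -ErrorAction SilentlyContinue
$startMode = 'not present'
$state     = 'not present'
if ($svc) { $startMode = $svc.StartMode; $state = $svc.State }

# Listening TCP sockets on the RDP port, IPv4 and IPv6.
$listeners = @(netstat -ano | Select-String -Pattern ":${port}\s+\S+\s+LISTENING")

$report = New-Object PSObject -Property @{
    RdpSetting       = $setting
    RdpPort          = $port
    ServiceStartMode = $startMode
    ServiceState     = $state
    PortListening    = ($listeners.Count -gt 0)
}
$report | Format-List

if ($report.PortListening -or $setting -eq 'enabled') {
    Write-Output "RDP is enabled or listening on TCP $port. Apply the CVE-2019-0708 patch or turn RDP off."
    Write-Output "Whether the port is exposed to the Internet depends on the gateway's port forwarding."
} else {
    Write-Output "No RDP listener found on TCP $port."
}
```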