Friday, June 7, 2019


TECH



In 22 seconds, code exploits 'BlueKeep' flaw and takes control of Windows system

A security researcher demonstrated code capable of exploiting a flaw in Windows Remote Desktop to take full control of a system in 22 seconds. The bug, dubbed "BlueKeep," has already been fixed by Microsoft, but many systems are still vulnerable.
The code's developer uses the "zerosum0x0" account on Twitter. He posted a video demonstrating the stages of the attack, lasting 22 seconds. In addition to exploiting the flaw, the demonstration also used a tool known as Mimikatz to steal Windows login and password credentials.
The researcher kept the code a secret, saying it is still "too dangerous" to make it available.
Exploiting the flaw does not depend on any interaction on the target system. It is enough that the system is connected to the internet with Remote Desktop configured and active. Experts fear a major cyber attack based on this vulnerability is imminent.
Because Remote Desktop is more widely used in enterprise environments, home users should be unaffected by this flaw. Microsoft and several security experts and companies have issued warnings advising companies to apply the fix as soon as possible.

Windows 10 is not vulnerable

The "BlueKeep" flaw is in the Windows Remote Desktop component and affects many editions of the system still in use, such as Windows XP, Windows Server 2003 and 2008, Windows Vista, and Windows 7.
Windows 10 and Windows 8.1 are immune to this flaw, according to Microsoft.
Due to the risk posed by outdated systems, Microsoft also decided to release an exceptional update for Windows XP. The system, released in 2001, is considered obsolete and no longer receives regular updates from the manufacturer.

By Altieres Rohr, Brazil
