A critical Windows vulnerability known as BlueKeep has been exploited in the wild.
Over the weekend, security researcher Kevin Beaumont found that the vulnerability was being exploited. He had earlier set up several internet-connected Windows machines that were vulnerable to BlueKeep; after a few months of inactivity, these machines, nicknamed “honeypots”, were broken into by a cryptocurrency miner who was exploiting the vulnerability.
Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) warned that the BlueKeep vulnerability could pose security risks similar to the WannaCry attacks of 2017.
Microsoft issued a warning about the vulnerability in May, but not all machines have been updated with a fix. According to recent figures, roughly 700,000 Windows machines that have the Remote Desktop Service feature activated — including Windows 7, Vista, and XP machines, as well as Windows Server 2003 and 2008 systems — are still vulnerable.
The flaw is considered wormable “because malware exploiting this vulnerability on a system could propagate to other vulnerable systems,” CISA explained. “A BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.”
After Beaumont’s analysis was published, the exploitation attempts appeared to stop. However, security researchers say the threat is still present.
“So far the content being delivered with BlueKeep appears to be frankly a bit lame—coin miners aren’t exactly a big threat,” Beaumont wrote in a blog post. “However it is clear people now understand how to execute attacks on random targets, and they are starting to do it. This activity doesn’t cause me to worry, but it does cause my spider sense to say ‘this will get worse, later’.”
The finding serves as another warning to those who haven’t patched the flaw to do so as soon as possible. An attacker who exploited the BlueKeep flaw would be able to take control of the machine to view, alter, or delete data or to install new programs.
The National Security Agency (NSA) warned in June that a vulnerability of this nature could have a big impact.
“We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw,” the agency said.
Microsoft's website has links to the patches that can mitigate the flaw.
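The exposure described above combines three conditions: one of the listed Windows versions, Remote Desktop enabled, and the fix not installed. The following script is an added example, not from the article or from Microsoft, that triages a single Windows host against those three conditions. It assumes it runs locally with Windows PowerShell; the patch KB numbers are not given on this page, so $PatchKBs holds a placeholder to be filled from Microsoft’s advisory.

```powershell
# Added example (not from the article): local BlueKeep exposure triage.
# Placeholder: replace with the KB number(s) Microsoft lists for this OS.
$PatchKBs = @('KB_PLACEHOLDER')

# OS version; Get-WmiObject is used because it exists on older PowerShell too.
$os  = Get-WmiObject Win32_OperatingSystem
$ver = [version]$os.Version
# Versions the article lists as affected: XP/2003 (5.x), Vista/2008 (6.0), 7/2008 R2 (6.1)
$affectedOS = ($ver.Major -lt 6) -or ($ver.Major -eq 6 -and $ver.Minor -le 1)

# fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
$rdpEnabled = ($null -ne $ts) -and ($ts.fDenyTSConnections -eq 0)

# Look for any of the expected KBs among installed hotfixes.
$installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
$patched = @($PatchKBs | Where-Object { $installed -contains $_ }).Count -gt 0

# NeedsAction is true only when all three exposure conditions hold.
[pscustomobject]@{
    Host        = $env:COMPUTERNAME
    OS          = $os.Caption
    AffectedOS  = $affectedOS
    RdpEnabled  = $rdpEnabled
    PatchFound  = $patched
    NeedsAction = ($affectedOS -and $rdpEnabled -and -not $patched)
}
```

Run it with administrative rights so Get-HotFix and the registry read succeed; a host reporting NeedsAction = True should be patched via the links on Microsoft’s website before anything else.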