Here we go again: Microsoft warns users to update Windows against ‘DejaBlue’

Here we go again: Microsoft warns users to update Windows against ‘DejaBlue’

Microsoft published a warning detailing seven new Windows vulnerabilities that attackers can exploit using the Remote Desktop Protocol (RDP).

Of the security flaws, Microsoft warns that two are particularly severe, and malicious actors could use them to create an automated worm that can jump between Windows-powered machines, potentially infecting millions of computers.

If you’re feeling a sense of deja vu, you’re not alone.

Security researchers tracking the new exploit half-jokingly called it ‘DejaBlue’ due to its resemblance to BlueKeep, another RDP security flaw exposed in May.

While BlueKeep had the potential to create a computer worm like DejaBlue, the new flaws are much worse. BlueKeep affected Windows 7 PCs and earlier. DejaBlue affects everything after as well, including all recent versions of the Windows OS.

In other words, nearly all Windows computers will need a patch against DejaBlue.

For the unfamiliar, RDP is a tool for administrators to connect to other computers in a network. Microsoft says it found and patched these new bugs itself while working to improve RDP security. A British intelligence agency, GCHQ, spotted the BlueKeep exploit.

Further, Microsoft told Wired that it currently has no evidence that the vulnerabilities were known to any third party.

Getting the patch to users is the challenge

However, getting users to update PCs might be a significant hurdle. Since BlueKeep was discovered at the beginning of May, security researchers estimate close to one million PCs were affected. Now, estimates say between 730,000 and 800,000 computers are still vulnerable to BlueKeep.

However, DejaBlue effectively resets this, with the number of machines vulnerable to RDP likely in the same ballpark.

Some researchers discovered that a setting called Network-Level Authentication (NLA) in Windows blocked the exploits. Estimates place the number of computers with NLA enabled at 1.2 million, but it’s not clear how many more don’t have NLA enabled.

It’s also worth noting that, despite warnings from both Microsoft and security researchers about BlueKeep’s potential to become a worm, three months have passed with no signs of infection.

Hackers could be executing smaller attacks on specific targets using BlueKeep. However, the absence of a worm could also be related to the security community’s restraint. The community avoided publicly releasing proof-of-concept hacking tools that use the vulnerabilities.

Or it could be because building reliable intrusion attacks using BlueKeep is quite tricky.

However, DejaBlue may be easier to exploit than BlueKeep. Worse, there’s more incentive with DejaBlue, since it affects newer computers and potentially more people.

On the other side of this is that newer Windows computers tend to get updates quicker, thanks to automatic updates. Wired says that users with automatic updates enabled should receive the patch soon if they haven’t already. For those who disabled automatic updates, you should turn on NLA to protect yourself until you can download the patch (available here).

Source: Microsoft Via: Wired

More on this story

31-07-2019, 13:10 Technology

Google’s bug-hunting team, Project Zero, is uncovering security flaws in Apple operating systems again, this time

Technology
0.0

11-07-2019, 19:00 Technology

Passwords suck. They can be challenging to remember, meaning people often use them across multiple devices and

Technology
0.0

28-06-2019, 12:40 Technology

Microsoft’s digital assistant, Cortana, may become its own app in the future. Since the launch of Windows 10, Cortana

Technology
0.0

22-06-2019, 17:20 Technology

Microsoft unveiled a lot of new things at its 2019 Build conference in Seattle, Washington last month, and one of the

Technology
0.0

19-06-2019, 20:00 Technology

Microsoft has partnered with DIY computer kit maker Kano on a build-your-own 2-in-1 Windows PC. The Kano PC is intended

Technology
0.0

4-06-2019, 15:20 Technology

Microsoft has renamed its Xbox app on Windows 10 to “Xbox Console Companion.” In a message on Windows 10, Microsoft

Technology
0.0

31-05-2019, 21:00 Technology

Microsoft has issued a warning to users urging them to update their systems in order to prevent a major Windows

Technology
0.0

25-05-2019, 14:19 Technology / tips

In this lesson, you will learn how to create a new folder in Windows. After you begin to create and save files in

Technology / tips
0.0

24-05-2019, 11:10 Technology

Huawei’s laptops, the MateBook X Pro and MateBook 13, are no longer available for purchase on Microsoft Store Online in

Technology
0.0