EXECUTIVE SUMMARY:

A devastating cyber attack that exploits the BlueKeep vulnerability is only weeks away, according to experts. If the vulnerability is indeed exploited, it is expected to mushroom into more of a menace than EternalBlue and to inflict more damage than the WannaCry attacks of 2017. Known as CVE-2019-0708, this bug affects computers running Windows 7 or earlier.

The US Department of Homeland Security is urging Microsoft Windows users to update their systems, echoing the warnings of Microsoft itself and the National Security Agency.

“It’s now a race against the clock by cyber criminals which makes this vulnerability a ticking cyber bomb,” says Yaniv Balmas, the global head of cyber security at Check Point Software.

Up until now, hackers have only been able to exploit EternalBlue to crash computers, not exactly netting them the valuable data or the financial rewards they’re after. Nonetheless, new methods of exploitation are clearly on the horizon. The federal attention being given to this vulnerability is unprecedented, indicating the severity of the threat.

One concern is that a wormable exploit could move laterally within computer systems, taking over a huge volume of machines, including ones that are not organically vulnerable to the BlueKeep exploit.

Organizations should stay vigilant, making sure to patch systems where viable, upgrading end-of-life operating systems where possible, disabling unnecessary services, and otherwise taking precautions to safeguard internet-facing devices.

Get the full story from Forbes.