Notebookcheck

Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit

The memory log from one of the "honeypot" systems, a computer intentionally left vulnerable to catch the worm. Image via Kevin Beaumont
A security researcher discovered the first worm to take advantage of BlueKeep, an exploit in older versions of Windows disclosed earlier this year. Machines running Windows 7 and below have a critical security flaw that can allow attackers full access. This attack installed a Monero cryptocurrency miner without tripping any flags other than high CPU usage. Considering the number of organizations and government agencies that still rely on legacy Windows machines, BlueKeep could turn out to be a much larger threat than many realize.
Sam Medley,


Over the past weekend, a cybersecurity researcher discovered a widespread attack that exploits a vulnerability in older Windows systems. The attacker was able to remotely install a cryptocurrency miner, though the damage could have been much worse.

Kevin Beaumont, a security researcher, discovered the attack after setting up a handful of systems running older versions of Windows. The attack exploited a vulnerability dubbed BlueKeep, a flaw in the Remote Desktop Service feature of older systems.

Working with MalwareTech (Marcus Hutchins), the researcher who found the WannaCry killswitch, Beaumont discovered the worm could invisibly infect vulnerable machines and install a Monero miner, all without the knowledge of the end user.

Microsoft announced the vulnerability and released a patch this past May. The company pushed users to install the patch again over the summer. The flaw is so widespread that even the NSA has urged users to update their machines.

Why is this important? BlueKeep affects machines running Windows 7, Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008 that have the Remote Desktop Service activated. While most individual PC users likely own a machine running Windows 10, several businesses, hospitals, and government agencies still run older versions of Windows. If these organizations haven’t updated their systems with the latest patch, which is likely, their computers may be ticking time bombs.

The security patch for BlueKeep can be found on Microsoft’s website here.

Sam Medley - Senior Tech Writer - 1131 articles published on Notebookcheck since 2016
I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.
Sam Medley, 2019-11-06 (Update: 2019-11-06)