{"id":15323,"date":"2019-05-15T10:10:05","date_gmt":"2019-05-15T18:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/15\/news-9072\/"},"modified":"2019-05-15T10:10:05","modified_gmt":"2019-05-15T18:10:05","slug":"news-9072","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/05\/15\/news-9072\/","title":{"rendered":"Microsoft pushes patch to prevent &#8216;WannaCry&#8217; level vulnerability"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Wed, 15 May 2019 16:57:16 +0000<\/strong><\/p>\n<p>This month marks the two-year anniversary of the infamous <a rel=\"noreferrer noopener\" aria-label=\"WannaCry attack (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/malware-threat-analysis\/2017\/07\/all-this-eternalpetya-stuff-makes-me-wannacry\/\" target=\"_blank\">WannaCry attack<\/a>. As an anniversary present to the world, Microsoft has pushed out patches to fix a newly-identified <a href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2019\/05\/14\/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Remote Desktop Protocol (RDP) (opens in a new tab)\">Remote Desktop Protocol (RDP)<\/a> vulnerability found in certain Windows operating systems.<\/p>\n<p>The potential damage of the newly-discovered RDP vulnerability matches the dangers we experienced with the WannaCry ransomware, malware that used weaponized vulnerabilities to infect systems across the globe, basically acting as a worm. This same RDP vulnerability allows attackers to execute code on the targeted system without needing to infect the system first.<\/p>\n<p>So, worst-case scenario? 
A WannaCry wannabe will quickly spread malware across the world, exploiting vulnerable systems and sending everyone into a panic.<\/p>\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\"> <iframe  src='https:\/\/www.youtube.com\/embed\/IEAtGCkbq5Y?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent' width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe>  <\/div>\n<\/figure>\n<h3>How to patch the vulnerability<\/h3>\n<p>So how do you fix this? Luckily, Microsoft has released patches for vulnerable operating systems, which includes most operating systems pre-Windows 8:<\/p>\n<ul>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows 7 for 32-bit Systems Service Pack 1<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows 7 for x64-based Systems Service Pack 1<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 for 32-bit Systems Service Pack 2<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 for Itanium-Based Systems Service Pack<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" 
rel=\"noopener noreferrer\">Windows Server 2008 for x64-based Systems Service Pack 2<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 R2 for x64-based Systems Service Pack 1<\/a><\/li>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4500705\/customer-guidance-for-cve-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows XP SP3 x86<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4500705\/customer-guidance-for-cve-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows XP Professional x64 Edition SP2<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4500705\/customer-guidance-for-cve-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows XP Embedded SP3 x86<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4500705\/customer-guidance-for-cve-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2003 SP2 x86<\/a><\/li>\n<li><a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4500705\/customer-guidance-for-cve-2019-0708\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Server 2003 x64 Edition 
SP2<\/a><\/li>\n<\/ul>\n<p>Anyone who is running Windows 8, 10, or any of the modern Windows Server operating systems is not vulnerable to this threat.<\/p>\n<p>If you have one of the aforementioned operating systems currently running and connected to the Internet, you&#8217;ll need to update as soon as possible. Not all of these operating systems are out of support from Microsoft, and those <a rel=\"noreferrer noopener\" aria-label=\"who have automatic updates should be fine and patched already (opens in a new tab)\" href=\"https:\/\/support.microsoft.com\/en-us\/help\/875349\/how-to-change-your-automatic-updates-settings-by-using-windows-securit\" target=\"_blank\">who have automatic updates should be fine and patched already<\/a>.<\/p>\n<p>However, if you are unable to enable automatic updates, or you are still running Windows XP and\/or Windows Server 2003, you&#8217;ll need to download the patch and manually execute it.<\/p>\n<p>For those of you who need to update manually, just click on the operating system you are working with and you&#8217;ll be taken to the Microsoft patch download page, which has the patches you need to download.<\/p>\n<figure class=\"wp-block-embed-twitter wp-block-embed is-type-rich is-provider-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/11.2.0\/72x72\/1f6a8.png\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/> Very important security update for Windows <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/11.2.0\/72x72\/1f6a8.png\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/> CVE-2018-0708 allows remote, unauthenticated code execution in RDP (Remote Desktop). A very bad thing you should patch against. 
Around 3 million RDP endpoints are directly exposed to internet. <a href=\"https:\/\/t.co\/EAdg3VNMjw\">https:\/\/t.co\/EAdg3VNMjw<\/a> <a href=\"https:\/\/t.co\/u2V3uyoyVs\">pic.twitter.com\/u2V3uyoyVs<\/a><\/p>\n<p>&mdash; Kevin Beaumont <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/11.2.0\/72x72\/1f9dd-1f3fd-200d-2640-fe0f.png\" alt=\"\ud83e\udddd\ud83c\udffd\u200d\u2640\ufe0f\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/> (@GossiTheDog) <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1128348383704485895?ref_src=twsrc%5Etfw\">May 14, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/div><figcaption>Security researcher Kevin Beaumont identified millions of vulnerable systems on Shodan.io.<\/figcaption><\/figure>\n<h3>Learning from history<\/h3>\n<p>RDP has historically been an avenue for attackers attempting to break into systems and\/or drop malware, but we&#8217;ve noticed an uptick in RDP attacks against businesses over the last year. With that in mind, even after patching, you should consider <a rel=\"noreferrer noopener\" aria-label=\"checking out our guide on how to protect RDP from Ransomware attacks (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/security-world\/business-security-world\/2018\/08\/protect-rdp-access-ransomware-attacks\/\" target=\"_blank\">checking out our guide on how to protect RDP from ransomware attacks<\/a>.<\/p>\n<p>The incident with WannaCry in 2017 has forever changed the perception of how to launch an effective attack against a large portion of the world. 
We&#8217;ve observed exploits used by this threat in modern commercial malware, such as <a rel=\"noreferrer noopener\" aria-label=\"Emotet (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/03\/emotet-revisited-this-pervasive-persistent-threat-is-still-a-danger-to-businesses\/\" target=\"_blank\">Emotet<\/a> and <a rel=\"noreferrer noopener\" aria-label=\"TrickBot (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/11\/trickbot-takes-top-business-threat\/\" target=\"_blank\">TrickBot<\/a>. <\/p>\n<p>It would not be out of the realm of possibility that within the next few weeks, this vulnerability will be weaponized and used against consumers and businesses who fail to patch and protect their networks. Don&#8217;t be a statistic. Protect your machines, data, networks, and users right now.<\/p>\n<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/microsoft-pushes-patch-to-prevent-wannacry-level-vulnerability\/\">Microsoft pushes patch to prevent &#8216;WannaCry&#8217; level vulnerability<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/microsoft-pushes-patch-to-prevent-wannacry-level-vulnerability\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Wed, 15 May 2019 16:57:16 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/microsoft-pushes-patch-to-prevent-wannacry-level-vulnerability\/' title='Microsoft pushes patch to prevent 'WannaCry' level vulnerability'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/shutterstock_627594560.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td 
valign='top' align='left'>This month marks two years since the infamous WannaCry attack. Now a Remote Desktop Protocol (RDP) vulnerability has been discovered that could be used in a similar large-scale attack\u2014though Microsoft has released a patch. Have you updated yet?<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/exploits\/\" rel=\"category tag\">Exploits<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploit\/\" rel=\"tag\">exploit<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/patching\/\" rel=\"tag\">patching<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/rdp\/\" rel=\"tag\">rdp<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/remote-desktop-protocol\/\" rel=\"tag\">remote desktop protocol<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vulnerability\/\" rel=\"tag\">vulnerability<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/wannacry\/\" rel=\"tag\">WannaCry<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows-7\/\" rel=\"tag\">windows 7<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows-8\/\" rel=\"tag\">windows 8<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows-server-2003\/\" rel=\"tag\">windows server 2003<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows-server-2008\/\" rel=\"tag\">windows server 2008<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows-xp\/\" rel=\"tag\">windows xp<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/worm\/\" rel=\"tag\">worm<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/microsoft-pushes-patch-to-prevent-wannacry-level-vulnerability\/' title='Microsoft pushes patch to prevent 'WannaCry' level vulnerability'>Read 
more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/05\/microsoft-pushes-patch-to-prevent-wannacry-level-vulnerability\/\">Microsoft pushes patch to prevent &#8216;WannaCry&#8217; level vulnerability<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[4503,11638,10987,12557,18324,18285,10467,12252,17330,15803,21798,21799,12261,10901],"class_list":["post-15323","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cybercrime","tag-exploit","tag-exploits","tag-patching","tag-rdp","tag-remote-desktop-protocol","tag-vulnerability","tag-wannacry","tag-windows-7","tag-windows-8","tag-windows-server-2003","tag-windows-server-2008","tag-windows-xp","tag-worm"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15323"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15323\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"
href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}