Warnings of world-wide worm attacks are the real deal, new exploit shows

by Dan Goodin, from Ars Technica - All content (#4GK35)

For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.

It was posted Tuesday by Sean Dillon, a senior security researcher at RiskSense. A play-by-play helps to underscore the significance of the feat.

Rough draft MSF module. Still too dangerous to release, lame sorry. Maybe after first mega-worm?

🚨 PATCH #BlueKeep CVE-2019-0708 🚨

35c2571801b3b6c4297ed362cf901dc4e907ff32a276fb6544a2b9d0f643f207 pic.twitter.com/y0g9R9HNnc

- zǝɹosum0x0 (@zerosum0x0) June 4, 2019

The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid-May. At about 14 seconds, a Metasploit payload called Meterpreter uses the getuid command to prove that the connection is running with highly privileged System rights. In the remaining six seconds, the hacker uses the open source Mimikatz application to obtain the cryptographic hashes of passwords belonging to other computers on the same network the hacked machine is connected to.
