WannaCry Has Not Gone Away
Microsoft has released a series of defence fixes for 79 unique vulnerabilities, including 22 critical bugs, any of which could be used to spread malware around the globe.
According to Microsoft, the bug is “wormable,” meaning that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP.
Microsoft has released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services, formerly known as Terminal Services, that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable.
This vulnerability is pre-authentication and requires no user interaction.
In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware which spread globally in 2017.
So far there has not been any recorded exploitation of this vulnerability, but it is highly likely that malicious actors will write an exploit for it and incorporate it into their malware.
Windows 8 and Windows 10 are not affected by this vulnerability.
Although the bug affects older operating systems, Windows 7, Windows Server 2008 R2 and Windows Server 2008, it should be patched ASAP. Microsoft is even making fixes available for out-of-support versions XP and Windows 2003, such is the potential threat.
Although detections of WannaCry variants have been subdued since the global kill switch was activated, they have far from disappeared. Recent research by Malwarebytes has shown that Eastern countries are most at risk from WannaCry; the majority of detections since its initial spread landed in India (727,883), Indonesia (561,381), the US (430,643), Russia (356,146) and Malaysia (335,814).
In the UK, there have been 17,185 detections since the initial attack took place, with just 41 incidents recorded since April 1 2019.
In contrast, other countries have continued to register large numbers of detections in the same period: India (19,777), Indonesia (19,192) and the US (3,325), for instance. Malwarebytes also warned that hundreds of thousands of systems globally are still vulnerable to EternalBlue and EternalRomance, the exploits that WannaCry used to propagate and spread.
Malwarebytes also says that malware authors are using the mechanisms that allowed WannaCry to spread so rapidly to launch a new generation of devastating Trojans, such as Emotet and TrickBot, in order to target businesses.