topic BlueKeep exploit is weaponized: Check Point customers remain protected. in Endpoint https://community.checkpoint.com/t5/Endpoint/BlueKeep-exploit-is-weaponized-Check-Point-customers-remain/m-p/62224#M3283 <P>The notorious<SPAN>&nbsp;</SPAN><A href="https://en.wikipedia.org/wiki/BlueKeep" target="_blank" rel="nofollow noopener noreferrer">BlueKeep vulnerability</A><SPAN>&nbsp;</SPAN>has been escalated from a theoretical, critical vulnerability, to an<A href="https://www.forbes.com/sites/daveywinder/2019/09/07/us-government-critical-windows-warning-gets-real-as-wormable-exploit-weaponized/#74f21a207569" target="_blank" rel="nofollow noopener noreferrer"><SPAN>&nbsp;</SPAN><STRONG>immediate, critical threat</STRONG></A>.</P> <P>While BlueKeep’s devastating potential was always known, it was a theoretical threat, as there was no working exploit code. That code was released into the wild when the open source Metasploit penetration testing framework released a Bluekeep exploit module on September 6. Unfortunately, the Metasploit toolset is used by both security practitioners and cybercriminals alike. By publishing the<SPAN>&nbsp;</SPAN><A href="https://github.com/rapid7/metasploit-framework/pull/12283" target="_blank" rel="nofollow noopener noreferrer">BlueKeep exploit code</A><SPAN>&nbsp;</SPAN>hackers were essentially provided with weaponized, working code that enables the creation of a dangerous worm.</P> <P>How serious is the threat? If a single unpatched Windows machine with network admin access is running on a network, the attacker may have access to all in-use credentials to all systems on the network, whether they are running Windows, Linux, MacOS or NetBIOS. In effect, this scenario means that a single, infected Windows machine can completely own a network.</P> <P>Check Point’s BlueKeep protections for network and endpoint, released several months ago, protect against the new weaponized version of this attack.</P> <P>Check Point customers who have implemented these protections remain protected.</P> <P>We recommend all customers to take immediate action to make sure they are protected:</P> <UL> <LI>Install the Microsoft patch on all vulnerable Windows systems</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154732" target="_blank" rel="nofollow noopener noreferrer">Enable</A><SPAN>&nbsp;</SPAN>Check Point’s IPS network protection for BlueKeep</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154232" target="_blank" rel="nofollow noopener noreferrer">Implement</A><SPAN>&nbsp;</SPAN>Check Point’s endpoint protection for BlueKeep</LI> </UL> Sun, 08 Sep 2019 18:21:21 GMT Yossi_Hasson 2019-09-08T18:21:21Z BlueKeep exploit is weaponized: Check Point customers remain protected. https://community.checkpoint.com/t5/Endpoint/BlueKeep-exploit-is-weaponized-Check-Point-customers-remain/m-p/62224#M3283 <P>The notorious<SPAN>&nbsp;</SPAN><A href="https://en.wikipedia.org/wiki/BlueKeep" target="_blank" rel="nofollow noopener noreferrer">BlueKeep vulnerability</A><SPAN>&nbsp;</SPAN>has been escalated from a theoretical, critical vulnerability, to an<A href="https://www.forbes.com/sites/daveywinder/2019/09/07/us-government-critical-windows-warning-gets-real-as-wormable-exploit-weaponized/#74f21a207569" target="_blank" rel="nofollow noopener noreferrer"><SPAN>&nbsp;</SPAN><STRONG>immediate, critical threat</STRONG></A>.</P> <P>While BlueKeep’s devastating potential was always known, it was a theoretical threat, as there was no working exploit code. That code was released into the wild when the open source Metasploit penetration testing framework released a Bluekeep exploit module on September 6. Unfortunately, the Metasploit toolset is used by both security practitioners and cybercriminals alike. By publishing the<SPAN>&nbsp;</SPAN><A href="https://github.com/rapid7/metasploit-framework/pull/12283" target="_blank" rel="nofollow noopener noreferrer">BlueKeep exploit code</A><SPAN>&nbsp;</SPAN>hackers were essentially provided with weaponized, working code that enables the creation of a dangerous worm.</P> <P>How serious is the threat? If a single unpatched Windows machine with network admin access is running on a network, the attacker may have access to all in-use credentials to all systems on the network, whether they are running Windows, Linux, MacOS or NetBIOS. In effect, this scenario means that a single, infected Windows machine can completely own a network.</P> <P>Check Point’s BlueKeep protections for network and endpoint, released several months ago, protect against the new weaponized version of this attack.</P> <P>Check Point customers who have implemented these protections remain protected.</P> <P>We recommend all customers to take immediate action to make sure they are protected:</P> <UL> <LI>Install the Microsoft patch on all vulnerable Windows systems</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154732" target="_blank" rel="nofollow noopener noreferrer">Enable</A><SPAN>&nbsp;</SPAN>Check Point’s IPS network protection for BlueKeep</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154232" target="_blank" rel="nofollow noopener noreferrer">Implement</A><SPAN>&nbsp;</SPAN>Check Point’s endpoint protection for BlueKeep</LI> </UL> Sun, 08 Sep 2019 18:21:21 GMT https://community.checkpoint.com/t5/Endpoint/BlueKeep-exploit-is-weaponized-Check-Point-customers-remain/m-p/62224#M3283 Yossi_Hasson 2019-09-08T18:21:21Z