https://community.checkpoint.com/t5/General-Topics/BlueKeep-exploit-is-weaponized-Check-Point-customers-remain/m-p/62222#M12631 <P>The notorious <A href="https://en.wikipedia.org/wiki/BlueKeep" target="_blank">BlueKeep vulnerability</A> has been escalated from a theoretical, critical vulnerability, to an<A href="https://www.forbes.com/sites/daveywinder/2019/09/07/us-government-critical-windows-warning-gets-real-as-wormable-exploit-weaponized/#74f21a207569" target="_blank"> <STRONG>immediate, critical threat</STRONG></A>.</P> <P>While BlueKeep’s devastating potential was always known, it was a theoretical threat, as there was no working exploit code. That code was released into the wild when the open source Metasploit penetration testing framework released a Bluekeep exploit module on September 6. Unfortunately, the Metasploit toolset is used by both security practitioners and cybercriminals alike. By publishing the <A href="https://github.com/rapid7/metasploit-framework/pull/12283" target="_blank">BlueKeep exploit code</A> hackers were essentially provided with weaponized, working code that enables the creation of a dangerous worm.</P> <P>How serious is the threat? If a single unpatched Windows machine with network admin access is running on a network, the attacker may have access to all in-use credentials to all systems on the network, whether they are running Windows, Linux, MacOS or NetBIOS. In effect, this scenario means that a single, infected Windows machine can completely own a network.</P> <P>Check Point’s BlueKeep protections for network and endpoint, released several months ago, protect against the new weaponized version of this attack.</P> <P>Check Point customers who have implemented these protections remain protected.</P> <P>We recommend all customers to take immediate action to make sure they are protected:</P> <UL> <LI>Install the Microsoft patch on all vulnerable Windows systems</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154732" target="_blank">Enable</A> Check Point’s IPS network protection for BlueKeep</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154232" target="_blank">Implement</A> Check Point’s endpoint protection for BlueKeep</LI> </UL> Sun, 08 Sep 2019 18:12:51 GMT Yossi_Hasson 2019-09-08T18:12:51Z https://community.checkpoint.com/t5/General-Topics/BlueKeep-exploit-is-weaponized-Check-Point-customers-remain/m-p/62222#M12631 <P>The notorious <A href="https://en.wikipedia.org/wiki/BlueKeep" target="_blank">BlueKeep vulnerability</A> has been escalated from a theoretical, critical vulnerability, to an<A href="https://www.forbes.com/sites/daveywinder/2019/09/07/us-government-critical-windows-warning-gets-real-as-wormable-exploit-weaponized/#74f21a207569" target="_blank"> <STRONG>immediate, critical threat</STRONG></A>.</P> <P>While BlueKeep’s devastating potential was always known, it was a theoretical threat, as there was no working exploit code. That code was released into the wild when the open source Metasploit penetration testing framework released a Bluekeep exploit module on September 6. Unfortunately, the Metasploit toolset is used by both security practitioners and cybercriminals alike. By publishing the <A href="https://github.com/rapid7/metasploit-framework/pull/12283" target="_blank">BlueKeep exploit code</A> hackers were essentially provided with weaponized, working code that enables the creation of a dangerous worm.</P> <P>How serious is the threat? If a single unpatched Windows machine with network admin access is running on a network, the attacker may have access to all in-use credentials to all systems on the network, whether they are running Windows, Linux, MacOS or NetBIOS. In effect, this scenario means that a single, infected Windows machine can completely own a network.</P> <P>Check Point’s BlueKeep protections for network and endpoint, released several months ago, protect against the new weaponized version of this attack.</P> <P>Check Point customers who have implemented these protections remain protected.</P> <P>We recommend all customers to take immediate action to make sure they are protected:</P> <UL> <LI>Install the Microsoft patch on all vulnerable Windows systems</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154732" target="_blank">Enable</A> Check Point’s IPS network protection for BlueKeep</LI> <LI><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk154232" target="_blank">Implement</A> Check Point’s endpoint protection for BlueKeep</LI> </UL> Sun, 08 Sep 2019 18:12:51 GMT https://community.checkpoint.com/t5/General-Topics/BlueKeep-exploit-is-weaponized-Check-Point-customers-remain/m-p/62222#M12631 Yossi_Hasson 2019-09-08T18:12:51Z