[enzanki_ars]

CVE-2019-1182: https://portal.msrc.microsoft.com/en-US/security-guidance/ad...

Slightly more technical information from Wired: https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/

TL;DR: Remote Code Execution via RDP on all windows versions, including 7 and 10.

Wired Quote:

> "Microsoft today warned Windows users of seven new vulnerabilities in Windows that, like BlueKeep, can be exploited via RDP, a tool that lets administrators connect to other computers in a network. Of those seven bugs, Microsoft's advisory emphasized that two are particularly serious; like BlueKeep, they could be used to code an automated worm that jumps from machine to machine, potentially infecting millions of computers."

> "Unlike BlueKeep, however, the new bugs—half-jokingly named DejaBlue by security researchers tracking it—don't merely affect Windows 7 and earlier, as the earlier RDP vulnerability did. Instead, it affects Windows 7 and beyond, including all recent versions of the operating system."

[groovybits]

Thinking of this in context to Win7 EOL approaching:

I imagine the type of people who have RDP publicly exposed are the same type of people who will not be upgrading from Win7 anytime soon.

I suspect we will see many exploits of this to come.

[londons_explore]

Microsoft really ought to develop their own worm, and use it to patch the flaw.

They can release it on the same day as the regular updates, and scan the whole IPv4 address space every hour.

That way, the pool of unpatched machines will be so tiny it isn't worth evil people trying to exploit it.

[groovybits]

Its the same threat vector as BlueKeep, so I would imagine the prime exploitation window for Win7 (which was/is vulnerable to both) has already passed.

A quick Shodan query already does what you're thinking.

[kgwxd]

Wouldn't that be illegal? I hope so.