[ad_1]
(credit: flattop341)
For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.
It was posted Tuesday by Sean Dillon, a senior security researcher and RiskSense. A play-by-play helps to underscore the significance of the feat.
Rough draft MSF module. Still too dangerous to release, lame sorry. Maybe after first mega-worm?
PATCH #BlueKeep CVE-2019-0708
35c2571801b3b6c4297ed362cf901dc4e907ff32a276fb6544a2b9d0f643f207 pic.twitter.com/y0g9R9HNnc
— zǝɹosum0x0? (@zerosum0x0) June 4, 2019
The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid May. At about 14 seconds, a Metasploit payload called Meterpreter uses the getuid command to prove that the connection has highly privileged System privileges. In the remaining six seconds, the hacker uses the open source Mimikatz application to obtain the cryptographic hashes of passwords belonging to other computers on the same network the hacked machine is connected to.
Read 9 remaining paragraphs | Comments
[ad_2]
Source link
Related Posts
- Cox Internet now charges $15 extra for faster access to online game servers
- Systems with small disks won’t be able to install Windows 10 May 2019 update
- Comcast usage soars 34% to 200GB a month, pushing users closer to data cap
- After White House stop, Twitter CEO calls congresswoman about death threats
- The sim swap the US isn’t using