For the past three weeks, security professionals have warned with increasing urgency that a recently patched Windows vulnerability has the potential to trigger attacks not seen since the WannaCry worm that paralyzed much of the world in 2017. A demonstration video circulating on the Internet is the latest evidence to prove those warnings are the real deal.
It was posted Tuesday by Sean Dillon, a senior security researcher and RiskSense. A play-by-play helps to underscore the significance of the feat.
Rough draft MSF module. Still too dangerous to release, lame sorry. Maybe after first mega-worm?
PATCH #BlueKeep CVE-2019-0708
— zǝɹosum0x0🦉 (@zerosum0x0) June 4, 2019
The video shows a module Dillon wrote for the Metasploit exploit framework remotely connecting to a Windows Server 2008 R2 computer that has yet to install a patch Microsoft released in mid May. At about 14 seconds, a Metasploit payload called Meterpreter uses the
getuid command to prove that the connection has highly privileged System privileges. In the remaining six seconds, the hacker uses the open source Mimikatz application to obtain the cryptographic hashes of passwords belonging to other computers on the same network the hacked machine is connected to.