Why Microsoft’s BlueKeep Bug Hasn’t Wreaked Havoc—Yet

When news appeared in May of the security vulnerability in Windows that would come to be known as BlueKeep, security researchers almost immediately cautioned that the flaw looked like the central ingredient for a destructive worm sure to rampage through the internet. Microsoft issued a series of stark warnings to patch the flaw, which persisted in roughly a million computers. Even the NSA took the rare step of noting the bug's severity.


But fully two months later, the dreaded BlueKeep doomsday has yet to materialize. In fact, its apparent absence has made clear that in an age of hardened operating systems with built-in protections against easy exploitation, the mere existence of a known flaw in software no longer means an immediate open season for hackers. State-sponsored groups may already be using it for quiet intrusions, but low-skilled criminals have yet to use it for wide-scale calamity. But that doesn't mean that a larger wave of BlueKeep exploitation isn't in store if—or when—the secret details of exploiting the Windows vulnerability leak out to a wider audience.


"I would bet money that it's already being exploited quietly," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who has privately coded a working BlueKeep exploitation proof-of-concept. Like others who have tested the bug, Hutchins hasn't released his code for fear of enabling malicious use.


If the timeline of BlueKeep's exploitation follows three stages (white hat hacker testing, sophisticated targeted attacks, and then a wider free-for-all), "we're on stage two," Hutchins says. "To get to a worm right ..
