[aklug] Fwd: BlueKeep vulnerability - survey of current Alaskan attack surface

[Royce Williams]

Forwarding to AKLUG as well.

-- 
Royce


---------- Forwarded message ---------
From: Royce Williams <royce at techsolvency.com>
Date: Tue, Aug 6, 2019 at 7:02 AM
Subject: BlueKeep vulnerability - survey of current Alaskan attack surface
To: AKLUG <aklug at aklug.org>, <nuga at groups.io>


Most of you have probably already heard about the BlueKeep RDP
vulnerability, that Microsoft deems as wormable.

What you may not have heard is that a reliable remote exploit is being
privately managed by multiple scanning/pentesting companies and frameworks,
which means that it could be leaked to ransomware authors more easily as
time goes on.

At this writing, 66 Alaskan systems still appear to be vulnerable (down
from 109 when I originally started scanning on May 28th).

I have worked privately with some entities to notify owners, but as the
exposure of the exploit goes up, it's a good idea to take a second look at
your public-facing RDP.

Here are my current results. As I have done in the past, I've tried to
reduce the exposure of this information by limiting it to be reachable only
from "Alaskan-looking" IP space.

https://www.techsolvency.com/private/bluekeep/current.txt

I list the raw IP, ASN info, and the reverse DNS (PTR record).

NOTE: At the bottom of the file, I also list all subnets that I am scanning
- the ones that "look Alaskan". If you are aware of a subnet that isn't
listed, *please* let me know and I will add it and perform a fresh scan.

Please also note that I am doing this as a "best effort" service to the
Alaskan public pro bono, on my own time, and under my sole responsibility.

Feel free to ping me if you have any questions.

Royce

-- 
Royce Williams
Tech Solvency
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aklug.org/pipermail/aklug/attachments/20190806/6af9e370/attachment.htm>