Mon. Dec 16th, 2019

Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash

Source: https://arstechnica.com/?p=1600223



Recent in-the-wild attacks on the critical Bluekeep vulnerability in many versions of Windows aren't affecting only unpatched machines. It turns out that the exploits, which repurpose the September release from the Metasploit framework, are also causing many patched machines to crash.

Late last week, Windows users learned why: the crashes are caused by a separate patch Microsoft released 20 months ago for the Meltdown vulnerability in Intel CPUs. Word of the crashes first emerged five days ago, when researcher Kevin Beaumont discovered that a malicious, in-the-wild Bluekeep exploit had caused one of his honeypots to crash four times overnight. Metasploit developer Sean Dillon initially blamed the crashes on “mystical reptilian forces that control everything.” Then he read a Twitter post from researcher Worawit Wang:

From the call stack, it seems the target has the KVA shadow patch. The original EternalBlue kernel shellcode cannot be used on a KVA shadow patched target, so the exploit failed while running the kernel shellcode.

— Worawit Wang (@sleepya_) November 4, 2019

In a post published on Thursday, Dillon wrote:


