WannaCry ransomeware attack is described as-
“WannaCry is a ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. The worm is also known as WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0, and Wanna Decryptor. It is considered a network worm because it also includes a “transport” mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar tool to install and execute a copy of itself.”
In recent times, Microsoft has claimed to do away with this particular level of vulnerability in Remote Desktop Services (RDS). However, the attempt for the same had unfortunately targetted some older versions of the Windows which fails to run smoothly now as reported by the users.
It has been detected that Remote Desktop Services or RDP is a protected system in itself and poses no threat except that it has not updated itself for user interaction yet. Nevertheless, this particular attack did not prove to be destructive as of now but it definitely paved the way for a further attack in the near future which will again try to match up the level of WannaCry.
It is estimated that an unauthentic attacker might attempt to send a request concocted with pernicious intentions to the systems which are enlisted to vulnerability. As per the report-
“According to Microsoft, This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Kevin Beaumont, an independent researcher tweeted:
“…Very important security update for Windows…CVE-2018-0708 allows remote, unauthenticated code execution is RDP (Remote Desktop). A very bad thing you should patch up against. Around 3 million RDP endpoints are directly exposed to the internet.”
Microsoft also had commented:
“There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered.”
The Director of Incident Response, Simone Pope representing Microsoft Security Response Center (MSRC) announced that:
“Customers running Windows 8 and Windows 10 are not affected by this vulnerability”.
Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008 and also out of support versions Windows 2003 and Windows XP.