Microsoft issues a 2nd “PATCH NOW” warning to implement the May 2019 Patch Tuesday security updates.  In past 2 days, RDP Bluekeep proof-of-concept code has gone public.  While RDP is more in use on corporate side by IT professionals, it may be still enabled for other users.  Over 1 million users are estimated to be exposed to these dangers

Microsoft has once again warned companies to patch older versions of Windows against a severe vulnerability in the Remote Desktop Protocol (RDP) service that can be abused remotely, and which the company has likened to the EternalBlue exploit that fueled the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks. To make matters worse, limited proof-of-concept code for exploiting this vulnerability (known as BlueKeep, or CVE-2019-0708) has surfaced online over the last two days.

“Microsoft is confident that an exploit exists for this vulnerability, and if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708,” said Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC).