BlueKeep Exploit

Remember that Remote Desktop Services vulnerability from May this year (2019)? … well, now BlueKeep has an active exploit!

It’s not new!

In May 2019, Microsoft twice warned users to implement a new security patch to address a vulnerability in its Remote Desktop Services (CVE-2019-0708).  With a CVSS score of 9.8, this vulnerability affects un-patched versions of the following operating systems:

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2

Further emphasising the severity of this vulnerability, Microsoft has also released patches for the unsupported Windows XP and Windows Server 2003 operating systems

Active Exploit

This vulnerability does not require authentication or user interaction. In other words, the vulnerability is exploitable by unauthenticated users, services, or systems, and is subsequently ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry ransomware attack.

As reported on Forbes.com on the 3rd November 2019, this vulnerability is being ACTIVELY EXPLOITED.

If ever you had a reason …

If ever you had a reason to patch, this is it.  In May, it was theory – we knew that there was a risk, we knew how to fix it, but the exploit wasn’t “in the wild”.  Well, it is now.

So pretty please.  Patch your Systems !

Original Post

This post was originally authored on this blog, you can also see the corresponding LinkedIn Article here - https://www.linkedin.com/pulse/bluekeep-exploit-andrew-barnes