Exploit for the serious Windows BlueKeep vulnerability is freely available, update

A public, open source exploit for the critical Windows vulnerability CVE-2019-0708, also known as BlueKeep, is now available as part of the free Metasploit penetration testing framework.

This was announced by the creator of the framework, Rapid7.

Users who have not already done so are advised to install the update that fixes the vulnerability as soon as possible.

The exploit in Metasploit works against 64-bit versions of Windows 7 and Windows Server 2008 R2. It requires the user to manually specify details of the target system and cannot be used directly for automated mass attacks.

The BlueKeep vulnerability, published in May, is in Remote Desktop Services, which provide remote access to the desktop via RDP. It can be exploited remotely over the network, requires no authentication or user interaction by default, and allows attackers to run arbitrary code and gain control over the affected system.

It is present in Windows XP, Vista, 7, Server 2003, 2003 R2, 2008, 2008 R2 and, as later found, in Windows 2000.

The vulnerability is very dangerous because it allows automatic infection and the spread of malicious code such as worms. At the same time, remote desktop ports are often intentionally reachable from the Internet, even on computers otherwise located behind a firewall. After infecting computers directly from the Internet, a worm could presumably infect a large number of additional computers on internal networks that do not have port 3389 reachable from the Internet. According to BinaryEdge statistics, more than a million computers vulnerable to BlueKeep are reachable from the Internet.

Immediately after information about the BlueKeep vulnerability was released, several security companies developed functional exploits capable of running code on the target computer, which they demonstrated in videos. Initially no exploit was published, and probably none was publicly offered for sale either, but at the end of July such an exploit for the 32-bit version of Windows 7 became part of a new version of the legitimate paid Canvas 7.23 penetration software.

According to available information, the vulnerability is not yet being widely exploited, at least not in mass worm attacks.

Information about the vulnerability was released in May together with the updates, including special updates for unsupported operating systems. For the supported Windows 7, Server 2008, and Server 2008 R2, the update is distributed through automatic updates or can be downloaded from this site; for Windows XP, Vista, Server 2003, and Server 2003 R2 it can be downloaded from this site.

If the user is unable to update for some reason, there are several ways to prevent exploitation of the vulnerability. You can disable Remote Desktop Services, block connections to TCP port 3389 on vulnerable computers at the firewall, or enable NLA (Network Level Authentication) on Windows 7 and Server 2008 and 2008 R2. In the latter case, the vulnerability can still be exploited if the attacker knows any valid credentials.
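The following PowerShell script is an added example, not part of the original article: it audits a single host for the three workarounds named above and, only when asked, turns on NLA and adds a host firewall block rule. It assumes the standard Terminal Server registry locations and `netsh advfirewall` (Windows Vista / Server 2008 and later, so not XP or Server 2003); the rule name `BlueKeep-Block-RDP-In` is a made-up label.

```powershell
# Added example: audit RDP workarounds on the local host (PowerShell 2.0 compatible).
# Read-only by default; -RequireNla and -BlockPort change settings and need an elevated prompt.
param([switch]$RequireNla, [switch]$BlockPort)

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$ruleName = 'BlueKeep-Block-RDP-In'   # hypothetical rule name used by this example

function Get-RegValue($Path, $Name) {
    # Returns $null instead of throwing when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$deny = Get-RegValue $ts  'fDenyTSConnections'   # 1 = Remote Desktop connections refused
$nla  = Get-RegValue $rdp 'UserAuthentication'   # 1 = NLA required before a session is set up
$port = Get-RegValue $rdp 'PortNumber'           # listener port; 3389 unless reconfigured
if (-not $port) { $port = 3389 }

$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
$serviceRunning = ($svc -and $svc.Status -eq 'Running')

# netsh exits non-zero when no rule with this name exists.
$null = netsh advfirewall firewall show rule name=$ruleName
$blocked = ($LASTEXITCODE -eq 0)

$rdpOff = (($deny -eq 1) -or (-not $serviceRunning))
New-Object PSObject -Property @{
    Host             = $env:COMPUTERNAME
    RdpDisabled      = $rdpOff
    NlaRequired      = ($nla -eq 1)
    ListenerPort     = $port
    BlockRulePresent = $blocked
    # Reachable pre-authentication: RDP on, no block rule, NLA not enforced.
    ExposedPreAuth   = (-not $rdpOff -and -not $blocked -and ($nla -ne 1))
}

if ($RequireNla) {
    Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1
}
if ($BlockPort -and -not $blocked) {
    # Block rules take precedence over allow rules in Windows Firewall.
    netsh advfirewall firewall add rule name=$ruleName dir=in action=block protocol=TCP localport=$port
}
```

A host reporting `NlaRequired = True` is still exploitable by anyone holding valid credentials, so treat NLA as a stopgap until the update is installed.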

BlueKeep is not the only serious vulnerability published recently in RDP. In August, information was also released about two other serious vulnerabilities in Windows RDP, which likewise allow worm-like attacks.
