The public BlueKeep exploit was contributed to Metasploit over the summer by RiskSense security researcher Sean Dillon. During testing the exploit worked, but with one drawback: on some targets it caused a BSOD (blue screen of death) instead of giving the attacker code execution.
This BSOD behaviour is in fact how security researcher Kevin Beaumont discovered the first BlueKeep-based attacks: he noticed that 10 of his 11 Windows RDP systems had crashed.
This week, however, a fix for the crash is expected to land in the BlueKeep Metasploit module. The fix removes the BSOD and makes the attacks more reliable.
In an interview with ZDNet over the weekend, Dillon said the main cause of the BSODs was Microsoft's patch for the Intel Meltdown CPU vulnerability.
Dillon expects the Metasploit project to update the BlueKeep module later this week. A detailed explanation of the BSOD's cause is also available on Dillon's personal blog.
The public exploit is becoming increasingly reliable, which means attackers are more likely to succeed against any company that runs at least one vulnerable system.
This underlines a point that many have missed: even if attackers never build a BlueKeep-based worm, BlueKeep is still a serious threat and should not be overlooked.
Below is a summary of what you need to know about BlueKeep:
- BlueKeep is the nickname given to CVE-2019-0708, a vulnerability in Microsoft's RDP (Remote Desktop Protocol) service.
- It affects only Windows 7, Windows Server 2008 R2 and Windows Server 2008.
- Patches have been available since mid-May 2019.
- The same day the patches were released, Microsoft published a blog post warning that BlueKeep is wormable.
- Microsoft has since issued a second warning urging organisations to patch BlueKeep.
- The US National Security Agency (NSA), the US Department of Homeland Security (DHS), Germany's federal cyber-security agency BSI, the Australian Cyber Security Centre (ACSC) and the UK National Cyber Security Centre (NCSC) have all issued their own security advisories.
- Many security researchers and cyber-security companies developed fully working BlueKeep exploits over the summer. However, none of them published their code, having realised how dangerous the vulnerability is.
- In July, a US company began selling a private BlueKeep exploit to its customers so they could check whether their systems were vulnerable.
- At the end of October, malware authors began using the BlueKeep Metasploit module in a real-world campaign.
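As an added example that is not part of the original article (and not Microsoft's, RiskSense's or Metasploit's code), the following PowerShell script turns the summary above into a local inventory check: it reports whether a host runs one of the affected Windows versions, whether Remote Desktop is enabled and actually listening, whether Network Level Authentication is on, and whether one of the May 2019 fixes is installed. The KB numbers are not given in the article; they are quoted from memory of Microsoft's CVE-2019-0708 guidance and must be verified against that advisory, and later monthly rollups supersede them, so "no fix KB found" is a prompt to check the patch level, not proof of exposure. The NLA check is likewise taken from Microsoft's guidance, which lists NLA as a partial mitigation rather than a fix.

```powershell
# Added example, not from the article: check a local Windows host for BlueKeep exposure.
# Written for Windows PowerShell 2.0 so it runs on the Windows 7 / Server 2008 hosts the
# article lists as affected. Run from an elevated PowerShell prompt on the host itself.

# NT version numbers of the OS versions the article lists as affected:
# Windows 7 and Windows Server 2008 R2 report 6.1, Windows Server 2008 reports 6.0.
$affectedVersions = @('6.0', '6.1')

# May 2019 updates that fix CVE-2019-0708. ASSUMPTION: these KB numbers are quoted from memory
# of Microsoft's advisory, not from the article - verify them there before relying on them.
# Later monthly rollups supersede them, so "not installed" means "check further", not "vulnerable".
$fixKBs = @('KB4499175', 'KB4499164',   # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
            'KB4499180', 'KB4499149')   # Windows Server 2008 SP2    (security-only / monthly rollup)

function Test-BlueKeepExposure {
    $os     = Get-WmiObject -Class Win32_OperatingSystem
    $ver    = [version]$os.Version
    $major  = "$($ver.Major).$($ver.Minor)"
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"

    # Is Remote Desktop enabled at all? fDenyTSConnections = 1 means it is switched off.
    $denyTS = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $rdpOn  = ($denyTS -ne 1)

    # RDP listening port: default 3389, but it can be changed in the registry.
    $port = (Get-ItemProperty -Path $rdpKey -Name PortNumber -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    # Get-NetTCPConnection does not exist on Windows 7/2008, so parse netstat output instead.
    $pattern   = "^\s*TCP\s+\S+:{0}\s+\S+\s+LISTENING" -f $port
    $listening = [bool](netstat -ano | Select-String -Pattern $pattern)

    # Network Level Authentication (UserAuthentication = 1) requires a successful logon before the
    # RDP session is set up; Microsoft lists it as a partial mitigation for CVE-2019-0708, not a fix.
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # Which of the known fix KBs are installed on this host?
    $present = @(Get-HotFix | Where-Object { $fixKBs -contains $_.HotFixID } | ForEach-Object { $_.HotFixID })

    $affected = $affectedVersions -contains $major

    $verdict = if (-not $affected)                       { 'NotAffectedOS' }
               elseif ($present.Count -gt 0)             { 'Patched' }
               elseif (-not $rdpOn -or -not $listening)  { 'AffectedOS-RDPNotReachable' }
               else                                      { 'EXPOSED-VerifyRollupLevelOrPatchNow' }

    New-Object PSObject -Property @{
        Host            = $env:COMPUTERNAME
        OSCaption       = $os.Caption
        OSVersion       = $os.Version
        AffectedOS      = $affected
        RDPEnabled      = $rdpOn
        RDPPort         = $port
        RDPListening    = $listening
        NLAEnabled      = ($nla -eq 1)
        FixKBsInstalled = ($present -join ',')
        Verdict         = $verdict
    }
}

Test-BlueKeepExposure | Format-List
```

The verdict deliberately errs on the side of caution: an affected OS with RDP reachable and none of the listed KBs present is reported as exposed even though a newer rollup may already contain the fix, because on this bug the cost of a false "safe" is a remotely exploitable, wormable host. Run the script across a fleet (for example via a remoting or scheduled-task tool the organisation already uses) and treat every EXPOSED result as a patch-now item.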