- Security researcher Valthek announced that he has created exploit code for the BlueKeep vulnerability.
- Christiaan Beek, Senior Principal Engineer at McAfee, confirmed that Valthek's proof-of-concept (PoC) code is working and requested “everyone to PATCH”.
What is the issue?
Security researchers have created exploits for a vulnerability in Microsoft's Remote Desktop Services dubbed ‘BlueKeep’.
The vulnerability (CVE-2019-0708) in Remote Desktop Services could allow attackers to perform remote code execution and hijack an entire network.
Microsoft patched the RCE vulnerability on May 14, 2019, and stated that “the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”
BlueKeep vulnerability exploitable
Chaouki Bekrar, the founder of Zerodium, confirmed that the BlueKeep vulnerability is exploitable remotely without any authentication.
“We've confirmed exploitability of Windows Pre-Auth RDP bug (CVE-2019-0708) patched yesterday by Microsoft. Exploit works remotely, without authentication, and provides SYSTEM privileges on Windows Srv 2008, Win 7, Win 2003, XP. Enabling NLA mitigates the bug. Patch now or GFY!,” Bekrar tweeted.
Later, security researcher Valthek announced that he was able to create exploit code for the vulnerability.
“I get the CVE-2019-0708 exploit working with my own programmed POC (a very real dangerous POC). This exploit is very dangerous. For this reason I don't will said TO ANYBODY OR ANY ENTERPRISE nothing about it. You are free of believe me or not, I don't care,” Valthek tweeted.
Christiaan Beek, Senior Principal Engineer at McAfee, confirmed that Valthek's proof-of-concept (PoC) code is working and requested “everyone to PATCH”.