A US network security company called Immunity Inc. announced on July 23 that it will launch the BlueKeep exploit module, which will be included in a pen-testing tool called CANVASv7.23, the company’s pen-testing toolkit.
BlueKeep, also known as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RemoteDesktop Protocol) service included with older Windows operating systems. This vulnerability affects Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008. The modern Windows 10 version is not affected. Microsoft released a patch for BlueKeep on May 14. But by the end of May, security researchers estimate that there are still about 1 million Windows systems vulnerable to attacks against the BlueKeep vulnerability.
This vulnerability is considered very dangerous. Even government agencies such as the US National Security Agency and the US Department of Homeland Security have issued security warnings to urge users and companies to patch older versions of Windows.
Immunity’s CANVAS BlueKeep module can achieve remote code execution — namely open a shell on infected hosts. In fact, some cybersecurity companies have said that they have found a way to exploit the BlueKeep vulnerability, but they refused to release specific details because they feared that this would trigger another wave of WannaCry-like infections worldwide.
Coincidentally, when Immunity released the BlueKeep exploit program, it just shared a lot of research on the BlueKeep vulnerability at a security conference in China. However, Dave Aitel, Immunity CEO denied that they used the research published by Chinese researchers at the security conference.
Exploit module can be found on Immunity’s website.