Another warning: now that someone has posted a slide deck about the BlueKeep vulnerability on GitHub, it shouldn't be long before a working exploit appears in practice.
Nothing is as old as yesterday's news. A few hours ago I noted in the article Windows: What about the BlueKeep vulnerability in July 2019? that so far no exploit is known that takes advantage of the BlueKeep vulnerability on unpatched systems. This is likely to change soon.
Slides of a public presentation
At a security conference held in Beijing in the last few days, a speaker talked about the Remote Desktop Services vulnerability CVE-2019-0708 (BlueKeep) and presented a concept for a working exploit.
At a security conference held in Beijing two days ago, someone talked about how to exploit CVE-2019-0708 (BlueKeep). Here are the slides: https://t.co/0xdRqy2Ufy pic.twitter.com/M6hnzf8oXc
— hjy (@hjy79425575) July 22, 2019
The slides then found their way onto Dropbox and are now also available on GitHub.
BlueKeep Warning: someone published a slide deck explaining how to turn the crash PoC into RCE. I expect we'll likely see widespread exploitation soon. https://t.co/MG2IZfy5B5
— MalwareTech (@MalwareTechBlog) July 22, 2019
The previously known public Proof of Concept (PoC) approaches could at most crash the Windows system. In the above tweet, MalwareTech expresses the suspicion that the slides that have become public will soon lead to an exploit that enables a Remote Code Execution (RCE) attack.
The BlueKeep vulnerability
I have reported on the BlueKeep vulnerability CVE-2019-0708 in several blog posts. An explanation of the vulnerability can be found in the blog post Critical update for Windows XP up to Windows 7 (May 2019).
There is a patch, but it has not been installed on all systems. It is currently estimated that approximately 800,000 systems are still unpatched and accessible via the Internet. In my blog post How To: BlueKeep-Check for Windows, I explained how a system can be checked locally for installed patches and how a network can be scanned for vulnerable systems.
Similar articles
A threat actor scans Windows systems for BlueKeep vulnerability
BlueKeep: Windows Remote Desktop Services vulnerability exploits status
Critical update for Windows XP up to Windows 7 (May 2019)
Nearly 1 million Windows machines with BlueKeep vulnerability
BlueKeep vulnerability: Microsoft warns about a wormable malware epidemic
BlueKeep: Patch for pirated copies; SSL tunnel as a risk factor
How To: BlueKeep-Check for Windows