DHS Tests Remote Exploit for BlueKeep RDP Vulnerability (Jun 17, 2019)
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced that it has identified a Remote Code Execution (RCE) exploit for “BlueKeep,” a vulnerability affecting older versions of Windows, from Windows 2000 through Windows 7. In the alert, CISA notes that Windows 2000 is vulnerable to a “wormable” attack that would spread to other vulnerable systems in a manner similar to the 2017 WannaCry attacks. By exploiting the vulnerability, an unauthenticated user can access a system remotely to install malware. Microsoft has issued patches and is warning organizations about the vulnerability because of its critical nature.
Recommendation: It is imperative for organizations using Windows, specifically versions including XP, Server 2003, and Vista, to patch their systems as soon as possible, both because of the critical nature of this vulnerability and because of the opportunity it gives threat actors to infect vulnerable computers connected to the internet.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.