Just months after the US National Security Agency (NSA) advised Microsoft Windows users to update their systems to mitigate the critical BlueKeep vulnerability (Microsoft Windows RDP, CVE-2019-0708), reports suggest that the bug is already being exploited in the wild by hackers to carry out ‘devastating’ attacks that are rendering computer networks in several countries virtually unusable.

huh, the EternalPot RDP honeypots have all started BSOD’ing recently. They only expose port 3389.

According to Hutchins, the shellcode in the BlueKeep exploit attempts seen in the wild matches the shellcode in the proof-of-concept BlueKeep module released by the Metasploit pen-testing team earlier this year. While other security researchers had deleted the all-important exploit code before releasing their demo modules, Metasploit’s version was advanced enough for remote code execution, which is why it is now being used by criminals.