Security Firm Puts Exploit for BlueKeep Vulnerability on GitHub
An exploit for the BlueKeep vulnerability in Windows XP and 7 has surfaced online. According to Ars Technica, the exploit is not yet as reliable as the infamous WannaCry ransomware, but it can nevertheless function as a worm just as WannaCry did.
Ars Technica’s security expert Dan Goodin writes that the exploit was released by the American company Rapid7, the developer of the open source exploit kit Metasploit Framework. The code for the attack is on GitHub. Users still have to specify which version of Windows they want to attack, otherwise it won’t have the intended effect. Also, the exploit does not yet work on servers without some further manual adjustments. Rapid7 states in a blog post that it is releasing the information and exploit code to give potential targets the same knowledge as the attackers.
The BlueKeep vulnerability was patched by Microsoft in May of this year. The security hole was in Windows XP, Windows 7, Windows Server 2003, 2008, and 2008 R2. The more recent Windows 8 and Windows 10 are not at risk. Microsoft has patched all affected operating systems, including Windows XP, which has already reached EOL status. For XP, the patch must be downloaded manually. In addition to Microsoft, the NSA, the US Government and the NCSC have also made calls for the patches to be installed.
The vulnerability is in Remote Desktop Services and requires no user interaction to succeed. An attacker can use the exploit to gain user rights, add, remove or modify data on a PC, and execute code. Once a PC is infected, the worm can spread to other PCs in the LAN, even if those are otherwise shielded from the WAN. Even protected computers are at risk once a PC in the LAN is infected: saved passwords, for example for network shares on up-to-date systems, can then still be extracted and decrypted.
Microsoft states that BlueKeep has the potential to be as serious as the EternalBlue vulnerability, which was exploited by the WannaCry ransomware in 2017, causing extensive damage worldwide.