There is a surprise for Metasploit users: the maintainers of the open-source penetration testing framework have added a public exploit module for the BlueKeep Windows flaw.
The BlueKeep vulnerability, tracked as CVE-2019-0708, impacts Windows Remote Desktop Services (RDS) and was addressed by Microsoft with the May 2019 Patch Tuesday updates.
As explained by Microsoft, this vulnerability could be exploited by malware with
The Metasploit BlueKeep exploit module is based on the proof-of-concept code from the security researchers zǝɹosum0x0 and Ryan Hanson. It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2.
“Today, Metasploit is releasing an initial public exploit module for CVE-2019-0708, also known as BlueKeep, as a pull request on Metasploit Framework. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.” explained Metasploit senior engineering manager Brent Cook. “The module builds on proof-of-concept code from Metasploit contributor @zerosum0x0, who also contributed Metasploit’s BlueKeep scanner module and the scanner and exploit modules for
Experts pointed out that the exploit does not currently support automatic targeting; this means that target details have to be provided manually.
Unfortunately, the number of unpatched machines exposed online is very high; by querying the BinaryEdge service it is possible to find more than 1,000,000
The module leverages an improved general-purpose RDP protocol library, as well as enhanced RDP fingerprinting capabilities.
Experts warn of possible side effects associated with the use of this module with Metasploit payload detection tools.
“All that said, there’s one important caveat for Metasploit payload detection tools, such as those that alert on generic
Rapid7 suggests reading the previous analysis for more information on profiles of attacker activity and detailed recommendations on defending against BlueKeep exploitation,