News

Security Firm Puts Exploit for BlueKeep Vulnerability on GitHub

By admin
Spread the love

An exploit for the BlueKeep vulnerability in Windows XP and 7 has surfaced online. The exploit is not yet as reliable as the infamous Wannacry ransomware, according to Ars Technica, but it can nevertheless function as a worm just like WannaCry.

Ars Technica’s security expert Dan Goodin writes that the exploit was released by the American company Rapid7, the developer of the open source exploit kit Metasploit Framework. The code for the attack is on GitHub. Users still have to specify which version of Windows they want to attack, otherwise it won’t have the intended effect. Also, the exploit does not yet work on servers without some further manual adjustments. Rapid7 states in a blog post that it is releasing the information and exploit code to give potential targets the same knowledge as the attackers.

The BlueKeep vulnerability was patched by Microsoft in May of this year. The security hole was in Windows XP, Windows 7, Windows Server 2003, 2008, and 2008 R2. The more recent Windows 8 and Windows 10 are not at risk. Microsoft has patched all affected operating systems, including Windows XP, which has already reached EOL status. For XP, the patch must be downloaded manually. In addition to Microsoft, the NSA, the US Government and the NCSC have also made calls for the patches to be installed.

The vulnerability is in the Remote Desktop Services and requires no user interaction to succeed. An attacker can use the exploit to gain user rights and add, remove or modify data on a PC and execute code. Once a PC is infected, the worm can travel further to other PCs in the LAN, even if they are further shielded from the WAN. Even protected computers are at risk if a PC in the LAN is infected: saved passwords, for example from network shares of up-to-date systems, can then still be extracted and decrypted.

Microsoft states that BlueKeep has the potential to be as serious as the EternalBlue vulnerability, which was exploited by the WannaCry ransomware in 2017, causing extensive damage worldwide.

You might also like
News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

ASUS will produce and support NUC mini PCs after Intel exit