In the Spotlight This Week: Bluekeep the Next WannaCry?
Bluekeep isn’t new this week. In fact, it was discovered in May. But it’s been getting a lot of attention recently in the InfoSec news feeds. In a nutshell, Bluekeep is a vulnerability in Microsoft’s Remote Desktop Protocol that, if exploited, could allow “wormable” remote code execution. That “wormable” aspect is what’s garnering attention – some are saying “It’s going to be the next WannaCry”. Some tools for finding vulnerable machines have been published as well” Finding Windows Systems Affected by BlueKeep Remote Desktop Bug https://www.bleepingcomputer.com/news/security/finding-windows-systems-affected-by-bluekeep-remote-desktop-bug/
The vulnerability exists in all NT-based versions of Microsoft Windows, from Windows 2000 through Windows Server 2008 R2 and Windows 7. Microsoft published patches in May – including patches for some versions of Windows that were already at “end of life” status. And, although none have been made public yet, it is safe to assume proof of concept and/or executable exploits will be published soon.
Several advisories have been issued about Bluekeep: