BlueKeep Public Exploit Released

Overnight, Rapid7 (publishers of Metasploit) released a Metasploit module that exploits BlueKeep (CVE-2019-0708). The module is technically complex to execute successfully, but misuse of it may cause systems to bluescreen, resulting in a denial of service.

In light of this, AC3 recommends that organisations immediately patch and disable any access to Remote Desktop Services via the internet.

How does this affect my organisation?

In most cases, Remote Desktop Services (RDS) is used within organisations but is not exposed to the internet. This limits the exposure of most organisations but does not mitigate all potential attack vectors (such as internal or lateral threats).

If you are a customer of AC3 Managed Services, AC3 will be in contact to organise an appropriate window to apply these patches.

For more information about this vulnerability, please refer to the links at the end of this alert.

Threat rating and recommendation

Based on information available at the time of this notice, we have classified this threat as Action Required.

AC3 Service levels alert

Customers are advised to review their environment and apply the appropriate patches as soon as possible. If you have RDS exposed to the internet, it is recommended that you urgently apply the appropriate patches or disable access to RDS via the internet.

If possible, enable Network Level Authentication (NLA). This makes exploitation of this vulnerability more difficult, as an attacker must have a valid account.

More information about this security vulnerability is available at the links below.

https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/

https://github.com/rapid7/metasploit-framework/pull/12283

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708