BlueKeep built into exploitation tool, sparks fear of Wannacry style infection

News by Robert Abel

A working BlueKeep exploit module is available now, at an "expensive" monthly rate

Security firm Immunity has developed a working BlueKeep exploit module and added it to an automated exploitation platform, raising concerns that threat actors may be able to use the tool to recreate WannaCry scale attacks.

The product is available for what some are describing as an "expensive" monthly rate and was released because "it’s important for organisations to understand their actual risk and determine if their defenses are effectively protecting them," Dave Aitel, CTI at Immunity’s parent company, Cyxtera, told ThreatPost

When questioned about the need of a full RCE exploit in the tool rather than just a scanner to find vulnerable systems, Aitel said that testing these kinds of systems requires a working RCE exploit to address the entirety of risk rather than focusing on any single exploit.

Despite patches for the vulnerability being out since May 2019, approximately 805,665 systems remain vulnerable to BlueKeep, according to a recent status update from the firm – down from one million in May.

SC Magazine UK reported this month that a threat of a Wannacry-style attack looms large, as many organisations harbour outdated, unpatched Windows systems despite repeated alerts.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews