BlueKeep Exploit for Core Impact
Looking for a BlueKeep exploit? Well Core Impact already has one …
The world is still waiting for a generic Remote Code Execution (RCE) proof of concept for BlueKeep. As far as we can tell (from what honeypots are seeing) one has yet to be developed, but we are sure one will arrive soon. Both the black hats and the white hats are working on this 24×7, so it will not be long.
Some companies (Sophos for one) have demonstrated code that works under very restricted lab conditions, but nothing that would work reliably in the real world.
What about Core Impact?
Well, Core also has a dedicated team of exploit writers seeking to get an RCE BlueKeep exploit working for Core Impact. Like everyone else, they have yet to get an RCE fully functioning, so in the interim they have a DoS (Denial of Service) exploit. This DoS exploit has been available within Core Impact for some time and, for white hats, is probably all that is needed (except for the fun bit).
This exploit lets you test your infrastructure to see whether you are vulnerable to BlueKeep, and so validate that your remediation steps (applying Microsoft's patch) have been completed correctly. For machines you cannot patch and where you are relying on other controls to mitigate the bug, such as enforcing Network Level Authentication (NLA) or firewalling port 3389, it will also test whether those controls actually stop an unauthenticated connection. One caveat a DoS check carries that an RCE check would not: a successful run crashes the target, so run it against test copies or inside an agreed maintenance window, not against a production server in the middle of the working day.
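Before firing a DoS exploit at a host it is worth knowing whether the unauthenticated RDP path is open at all. The script below is an added example written for this page, not the Core Impact exploit and not code from the original post: it sends a single X.224 Connection Request that asks for plain "standard RDP security" (no TLS, no CredSSP) and classifies the server's Connection Confirm per MS-RDPBCGR. A server that enforces NLA must refuse with HYBRID_REQUIRED_BY_SERVER; a server that accepts, or that only insists on TLS, still lets an unauthenticated client reach the pre-logon code BlueKeep lives in. The sample replies in the test are constructed by hand, and the target host is whatever you pass on the command line (no default is assumed).

```python
"""
Non-destructive check: does this RDP endpoint still let an unauthenticated
client negotiate a session?  Sends one X.224 Connection Request with
requestedProtocols = 0 (PROTOCOL_RDP) and classifies the Connection Confirm.
Added example for this page; not Core Impact's exploit.
"""
import socket
import struct
import sys

# RDP_NEG_FAILURE failureCode values (MS-RDPBCGR 2.2.1.2.2)
SSL_REQUIRED_BY_SERVER = 0x01
HYBRID_REQUIRED_BY_SERVER = 0x05

# Results returned by classify_connection_confirm()
NLA_REQUIRED = "nla_required"                    # CredSSP demanded: pre-auth path closed
TLS_REQUIRED = "tls_required"                    # TLS demanded but no NLA: still reachable over TLS
STANDARD_RDP_ACCEPTED = "standard_rdp_accepted"  # plain RDP security accepted outright
LEGACY_NO_NEGOTIATION = "legacy_no_negotiation"  # server does no negotiation: plain RDP only


def build_connection_request() -> bytes:
    """TPKT + X.224 Connection Request + RDP_NEG_REQ asking for standard RDP security."""
    # type=RDP_NEG_REQ(1), flags=0, length=8, requestedProtocols=PROTOCOL_RDP(0)
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, 0x00000000)
    # LI=14, code=CR (0xE0), dst-ref=0, src-ref=0, class 0
    x224_cr = bytes([0x0E, 0xE0, 0x00, 0x00, 0x00, 0x00, 0x00])
    body = x224_cr + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(body)) + body  # TPKT: version 3, reserved, length


def classify_connection_confirm(data: bytes) -> str:
    """Classify the server's X.224 Connection Confirm; raise ValueError for anything else."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if tpkt_len != len(data):
        raise ValueError("TPKT length mismatch")
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if tpkt_len == 11:
        # Bare CC with no RDP_NEG_RSP / RDP_NEG_FAILURE appended: the server
        # does not negotiate security at all, so only standard RDP is on offer.
        return LEGACY_NO_NEGOTIATION
    if tpkt_len < 19:
        raise ValueError("truncated negotiation response")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_len != 8:
        raise ValueError("bad negotiation structure length")
    if neg_type == 0x02:  # RDP_NEG_RSP: server agreed to what we asked for
        return STANDARD_RDP_ACCEPTED
    if neg_type == 0x03:  # RDP_NEG_FAILURE: server refused, failureCode says why
        if value == HYBRID_REQUIRED_BY_SERVER:
            return NLA_REQUIRED
        if value == SSL_REQUIRED_BY_SERVER:
            return TLS_REQUIRED
        raise ValueError(f"unexpected failureCode {value:#x}")
    raise ValueError(f"unexpected negotiation type {neg_type:#x}")


def unauthenticated_path_reachable(result: str) -> bool:
    """Only NLA closes the pre-logon path; TLS on its own merely wraps it."""
    return result != NLA_REQUIRED


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Send one connection request to a live server and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request())
        reply = sock.recv(1024)
    return classify_connection_confirm(reply)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit(f"usage: {sys.argv[0]} <host> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3389
    res = probe(sys.argv[1], port)
    print(f"{sys.argv[1]}:{port} -> {res}; unauthenticated RDP path reachable: "
          f"{unauthenticated_path_reachable(res)}")
```

Read the result the right way round: `nla_required` only tells you the unauthenticated path is closed, not that the host is patched, so a stolen credential would still reach the vulnerable code. Anything else means the BlueKeep DoS (or a future RCE) can be attempted without a password, and the only real fix is the patch.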
If you want to find out more, or try the software for yourself register below, and we will contact you to get things moving.
Register for a trial
More about BlueKeep Vulnerability
The BlueKeep vulnerability (CVE-2019-0708) in Microsoft's RDP (Remote Desktop Protocol) was disclosed and patched in May 2019. It sits in code that runs before any logon, so it essentially allows a remote attacker to take over the machine without authenticating.
In the worst-case scenario, if you have a machine running RDP, connected to the Internet, then a bad guy (or bad code) on the other side of the world could connect to it and run anything that they want. This can all be done without providing any user credentials. The last time a bug of this kind (unauthenticated, wormable, in a widely exposed Windows service) was found, in SMB, we ended up with WannaCry.
BlueKeep is harder to exploit than the SMB flaw WannaCry used, and fewer machines expose RDP, but those that do tend to be servers, and therefore more important (and harder to fix).
There is also much talk about this only being an issue for machines connected to the Internet; in my opinion that misses a very significant point. If someone gets inside a corporate network's defences (say via a phishing attack, or the cleaners) then this could very quickly be leveraged to spread within that organisation, as WannaCry did. Most of the WannaCry damage was not done over the Internet; it was machines within corporate networks infecting each other.