BlueKeep Vulnerability Exploit Likely Imminent

This week, a security researcher published a guide detailing how to execute malicious code on Windows machines vulnerable to BlueKeep. This information significantly lowers the bar for threat actors to develop exploits against the vulnerability, making it even more urgent for users and administrators to apply the latest patches to Windows systems. BlueKeep requires no authentication to exploit and is considered 'wormable,' with the potential to self-replicate and spread across the internet rapidly, similar to EternalBlue.

As of three weeks ago, over 800,000 systems were still vulnerable to the BlueKeep flaw, despite several alerts from Microsoft and government agencies (1, 2, 3). Of the Internet-exposed systems that remain vulnerable to BlueKeep, about 105,170 are located in the US, exposing their networks to an increased risk of exploitation. The slowest to respond to this threat have been organizations within the consumer goods, utilities, and technology industries, where many of the devices are running older Windows systems and do not have modern patch management systems or inventory controls.

The NJCCIC advises users and administrators to patch vulnerable systems immediately. Users operating in-support systems, including Windows 7, Windows Server 2008 R2, and Windows Server 2008, can download updates via the Microsoft Advisory. Users operating End-of-Life systems, including Windows 2003 and Windows XP, can download updates via the Windows Security Support page, or consider upgrading to a supported version of Windows. More information on the detailed code execution guide can be found in the Ars Technica article.