
Exploits for Windows BlueKeep vulnerability commercially available

The issue has been dubbed 'the next WannaCry' and now attackers can have a copy of their own, for a price


American cyber security company Immunity has made its working exploit for the Windows BlueKeep vulnerability commercially available as part of its penetration testing kit, CANVAS.

BlueKeep has been dubbed the next big security threat and one that could rival the significance of WannaCry. It's a wormable remote code execution (RCE) exploit that can give attackers the highest possible privileges on a Windows system.

Immunity isn't the first to create a working exploit for BlueKeep; other security groups have claimed to have beaten it to the punch, but they refuse to release proof-of-concept code for fear of it falling into the wrong hands.

Accompanied by a demonstration video, the firm announced on Twitter that its exploit would be included in its CANVAS toolkit, which can cost tens of thousands of dollars.

It's the first instance of a working exploit being sold, and although the price is high, the consequences of it getting into the wrong hands could be catastrophic.

"This vulnerability is no joke; BlueKeep has all the makings of becoming the next WannaCry or NotPetya," said Bob Huber, CSO, Tenable. "Patch now before it's too late."

BlueKeep was discovered in May 2019, and Microsoft released an emergency patch, even for old operating systems that had reached end of life. The vulnerability is found in the Remote Desktop Protocol (RDP) service in many old versions of Windows, including Windows 7, Windows Vista and Windows XP. Windows 10 users aren't vulnerable to BlueKeep.

Provided users patch their systems, BlueKeep cannot be exploited, but it's well documented that critical infrastructure still relies on legacy Windows operating systems, such as certain hospital equipment that uses software incompatible with current, more secure versions of Windows.

"Just because a patch is available, it doesn't mean that all companies are in a position to patch immediately," said Javvad Malik, security awareness advocate at KnowBe4. "Patching can be a complex procedure in certain environments and can take a long time."

However, according to recent reports, it's not the healthcare industry that needs to worry about BlueKeep the most. Since the vulnerability was disclosed, and national security agencies across the world, including the NSA, the FBI and the Department of Homeland Security, released their own warnings, researchers have found that the telecoms sector is much more vulnerable than any other industry.

That has been largely attributed to the fact that telecoms companies often host end-customer systems they cannot upgrade themselves, meaning that, in order to stay safe, their customers need to keep on top of their own patch management.

When BlueKeep was first discovered, the number of affected systems was put at around one million globally. Following BitSight's research in July, the authors claimed that not much had been done to reduce the number of affected systems, which was thought to be around 800,000 at the time of publication.
