If you’re a security professional, you will no doubt have heard about the BlueKeep vulnerability (CVE-2019-0708), which affects some older versions of Microsoft Windows.
The heightened interest in BlueKeep is largely because it attacks Windows’ Remote Desktop Protocol (RDP), which connects one computer to another. A threat capable of connecting to other computers over a network could spread extremely quickly, making it a significant risk. It’s this network awareness that threats like BadRabbit and WannaCry used to replicate from machine to machine with such speed and efficiency. Since the UK National Cyber Security Centre first discovered BlueKeep in May 2019, Microsoft has been strongly advising its users that the patch should be deployed as soon as possible.
On 6 September 2019, Metasploit released an initial public exploit module which builds on proof-of-concept code from @zerosum0x0, who also worked on Metasploit’s BlueKeep scanner module as well as the scanner and exploit modules for EternalBlue.
There are, of course, a ton of blogs out there that explain how to use this Metasploit module, but here at Immersive Labs we know there’s no better way to learn than by doing. That’s why we’ve made our BlueKeep Exploit lab available to everyone for free. Simply register here for Immersive Labs Lite and click on ‘Emerging Threats’. You’ll also find a useful lab on how to search and use exploits within Metasploit.