Patch BlueKeep now, Australian spy agency warns Windows admins

The Australian Signals Directorate (ASD) is warning Windows admins to “immediately” patch the BlueKeep bug after a researcher handed an exploit for it to developers of the Metasploit Project. 

The agency is urging Australian organizations to patch now in anticipation of an exploit for BlueKeep becoming available in the Metasploit Project's popular open source penetration-testing kit, the Metasploit Framework.

A security researcher who uses the Twitter handle @zerosum0x0 disclosed the exploit to the Metasploit Project in late July; however, the group has said it would keep the code private for now. The project recently released a module that uses BlueKeep to create a denial of service attack, but not remote code execution.

“The disclosure, once made available to the public, is anticipated to increase the amount of RDP scanning actively, increasing the chances of attempted exploitation of unpatched systems,” ASD’s Australian Cyber Security Centre (ACSC) said in a statement.

The agency said it was aware of malicious activity suggesting widespread abuse of BlueKeep, also identified as CVE-2019-0708, a flaw that can allow a remote attacker to attack systems listening for RDP on the internet and steal an organization’s credentials.