Coders late last week publicly released a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft’s Remote Desktop Protocol implementation. Designated as CVE-2019-0708, BlueKeep is a remote Windows kernel use-after-free vulnerability that could be used to create wormable attacks similar to the WannaCry ransomware incident of May 2017. Published on GitHub by the Metasploit Project – a pen-testing framework developed in a collaboration between security company Rapid7 and open-source researchers – the exploit module currently targets 64-bit versions of Windows 7 and Windows 2008 R2.
Source: SC Magazine