
Researchers from Kryptos Logic discovered that an exploit for the BlueKeep RDP vulnerability (CVE-2019-0708) in Microsoft Windows is being used in the wild.





BlueKeep (CVE 2019-0708) exploitation spotted in the wild

Overview

It has been almost six months since an eye-opening vulnerability in Microsoft Windows RDP, CVE-2019-0708, dubbed BlueKeep, was patched. Today, security researcher Kevin Beaumont posted a Twitter thread reporting BSODs (Blue Screen of Death) across his network of BlueKeep honeypots.

"huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr" (Kevin Beaumont, @GossiTheDog, November 2, 2019)

Kevin kindly shared the crash dump with us and, following this lead, we discovered the sample was being used in a mass exploitation attempt.


