BlueKeep scanning activity picks up

BlueKeep scanning activity

Exploits in the wild of BlueKeep are likely closer than ever after one security company spotted a huge uptick in scanning for the critical vulnerability over the weekend.

Security experts have been warning about bad actors soon developing exploits for the BlueKeep vulnerability patched by Microsoft earlier this month.

BlueKeep (CVE-2019-0708) is a critical vulnerability in Windows Remote Desktop Services and could result in remote code execution on Windows systems. The bug impacts Windows XP, 7, Server 2003 and Server 2008 operating systems. The potential serious impact even spurred Microsoft to publish an emergency patch for unsupported XP and Server 2003 OS.

Microsoft previously urged organizations to patch BlueKeep before hackers develop and incorporate exploit code in future wide-ranging attacks worldwide.

As ZDNet reported, security intelligence company GreyNoise Intelligence detected the scanning of Windows systems vulnerable to the BlueKeep RDP-related bug.

GreyNoise wrote in a tweet that they observed “sweeping tests” of scanning activity targeting BlueKeep by “exclusively Tor exit nodes and is likely being executed by a single actor.”

This is just one example of a bad actor who has invested considerable time/effort in finding vulnerable targets, possibly in preparation for a launch of future attacks. Likely more devious activities to come. Organizations should take this as an urgent reminder to make sure BlueKeep flaw is patched.