NPAV Alert! Bluekeep Vulnerability poses a Critical Threat for all Windows users

Bluekeep is a security vulnerability that was discovered in Microsoft’s Remote Desktop Protocol (RDP), which allows remote code execution.

Bluekeep is no longer just a theoretical threat; it has now stepped up to a critical one. In May 2019, Bluekeep (CVE-2019-070) was reported as a critical security vulnerability by Microsoft. At the time, Bluekeep was considered a theoretical threat because there was no working code that would exploit it. On the 6th of September, exploit code for Bluekeep was made public through an open-source testing framework. Now that the exploit code has been released, it will be quite easy for attackers to use it to create dangerous worms.

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services (TermService) – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP.
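Because the flaw is reachable before authentication, the first thing to establish on each Windows machine is whether TermService is accepting RDP connections and whether it forces authentication first. The PowerShell below is an added example, not NPAV's or Microsoft's code: it is a read-only local check of the standard RDP registry settings, including Network Level Authentication (NLA), which makes the client authenticate before a Remote Desktop session is set up. The function names are hypothetical, and the script does not check whether the security update is installed.

```powershell
# Added example: read-only local audit of the RDP settings relevant to Bluekeep.
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey    = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-EffectiveValue {
    # Hypothetical helper: a Group Policy value wins over the local setting.
    param([string]$Name, [string]$LocalKey)
    foreach ($key in @($policyKey, $LocalKey)) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }
    }
    return $null
}

function Get-RdpExposure {
    $svc  = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $deny = Get-EffectiveValue -Name 'fDenyTSConnections' -LocalKey $tsKey
    $nla  = Get-EffectiveValue -Name 'UserAuthentication' -LocalKey $rdpKey
    $port = Get-EffectiveValue -Name 'PortNumber'         -LocalKey $rdpKey

    # fDenyTSConnections = 0 means inbound RDP connections are allowed.
    $accepting = ($null -ne $svc) -and ($svc.Status -eq 'Running') -and ($deny -eq 0)
    # UserAuthentication = 1 means NLA is required before a session is created.
    $nlaRequired = ($nla -eq 1)

    $finding = if (-not $accepting) {
        'Not accepting RDP connections'
    } elseif ($nlaRequired) {
        'RDP enabled with NLA: unauthenticated requests are rejected before session setup'
    } else {
        'RDP enabled without NLA: pre-authentication exposure; patch first, or disable RDP'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        ServiceStatus = if ($null -ne $svc) { $svc.Status } else { 'NotInstalled' }
        RdpAllowed    = ($deny -eq 0)
        NlaRequired   = $nlaRequired
        ListenPort    = $port
        Finding       = $finding
    }
}

Get-RdpExposure | Format-List
```

Requiring NLA only closes the unauthenticated path; an attacker with valid credentials can still reach the vulnerable service, so the security update is still needed.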

A Windows machine that is connected to a network and has network admin access can be a target for attackers. An attacker can gain access to the credentials of all the systems connected to that network, regardless of their operating system. This means that a single compromised Windows system can compromise the entire network, even if all the other connected systems are patched and secured.
