US Company Selling Weaponized BlueKeep Exploit

On May 14, 2019, Microsoft released patches for BlueKeep, and described it as a “wormable vulnerability that could self-propagate similarly to how the EternalBlue helped propagate the WannaCry ransomware outbreak.” On Tuesday, July 23, it was announced that Immunity, Inc., was including a working BlueKeep exploit in CANVAS V7.23, the company’s pen-testing toolkit. Microsoft, the US National Security Agency (NSA), Germany’s BSI cybersecurity agency, the Australian Cybersecurity Centre, the US Department of Homeland Security, and the UK’s National Cybersecurity Centre have all issued warnings and alerts that urged users to patch the vulnerability on older versions of Windows. If users have not patched their systems, it is highly encouraged that patches are applied as soon as possible.

Relevant URL(s):