The Rapid7 project Metasploit has finally released an exploit for the BlueKeep flaw disclosed in the May Patch Tuesday update.  The BlueKeep flaw has prompted warnings from Microsoft and all Five Eye spy agencies to install Microsoft’s patches.  Microsoft also provided patches for unsupported versions of Windows, fearing the BlueKeep Remote Desktop Protocol (RDP) bug could be as severe as 2017’s WannaCry ransomware outbreak that impacted 300,000 PCs worldwide using the NSA-built EternalBlue exploit. Both flaws could be used by attackers to create a worm that infects one vulnerable machine after another.  The Australian Signals Directorate (ASD) warned Windows admins in August to “immediately” patch the BlueKeep bug in anticipation of today’s Metasploit release. According to ASD, more than 50,000 devices in Australia were potentially vulnerable in mid-August.  The RDP bug affects Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008 operating systems, but not Windows 10.     After BlueKeep was disclosed Rapid7 detected an spike in malicious RDP scans as attackers probed potentially vulnerable systems.  That Metasploit is an open source project means the BlueKeep exploit module is now accessible by security defenders and attackers.

Read full article on CSO