US Govt Achieves BlueKeep Remote Code Execution, Issues Alert
The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to patch the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The agency, which operates under Department of Homeland Security oversight, issued the alert after achieving remote code execution on a vulnerable Windows 2000 machine.
Earlier this month, the National Security Agency (NSA) also issued a warning about BlueKeep. Microsoft released a patch for the flaw on May 14, and issued a second alert about it earlier this month after research suggested that close to a million devices remained vulnerable. BlueKeep is a very dangerous flaw because it could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code, just like the 2017 global WannaCry outbreak.