
Manual for exploiting BlueKeep surfaces online


The risk that BlueKeep, a vulnerability in the Windows remote desktop protocol (RDP), will be exploited has increased significantly, because a manual has been published online on how to exploit this vulnerability effectively.

A security researcher made the manual publicly available on GitHub in the form of a slideshow, albeit entirely in Chinese. According to experts, this increases the likelihood of incidents similar to the WannaCry and NotPetya attacks in 2017, Ars Technica reports. More than 800,000 computers connected to the Internet are vulnerable to BlueKeep. The security risk arises because infected computers can spread malicious software to other vulnerable machines without the user’s involvement.

Manual explains how to run malicious code without crashes

What has hampered large-scale abuse so far is a lack of knowledge on the part of cybercriminals. Writing malicious code that did not crash the target computer was very difficult, and in practice a crash prevented ransomware, for example, from running. However, the manual that appeared online provides instructions for achieving remote code execution (RCE) without crashes. This also means that there is a much greater chance that code will appear online that third parties can use for malicious purposes. Jake Williams of cybersecurity company Rendition Infosec states that this does not necessarily mean that hackers have a better opportunity to write working code. However, if there are people who intend to make systems crash rather than distribute ransomware, for example, the manual will make this easier.

The presentation that appeared online appears to be a document that was used at a Chinese cybersecurity conference, since the name of the Chinese cybersecurity company Tencent KeenLab appears on a slide. Cybersecurity researcher Yang Jiewei is identified as the speaker, according to Ars Technica. It is not clear whether he has also shared the file with third parties. Nor is it clear whether GitHub and Tencent will take any action.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.