The notorious BlueKeep vulnerability (CVE-2019-0708), a pre-authentication remote code execution flaw in Windows Remote Desktop Services, has moved from a critical but theoretical vulnerability to an immediate, critical threat.
While BlueKeep’s devastating potential was always known, it remained a theoretical threat as long as no working exploit code was publicly available. That changed when the open source Metasploit penetration-testing framework published a BlueKeep exploit module on September 6. Metasploit is used by security practitioners and cybercriminals alike, so publishing the module effectively handed attackers weaponized, working code. The module itself is a manual exploit that must be aimed at a chosen target, but it supplies the reliable unauthenticated code execution that a self-propagating worm would need.
How serious is the threat? If a single unpatched Windows machine on which network administrator credentials are in use is reachable over RDP, an attacker who exploits it gains SYSTEM-level code execution on that host, can harvest the credentials in use on it, and can then reuse them against the other systems on the network, whether those run Windows, Linux or macOS. In effect, a single compromised Windows machine can be enough to take over the entire network.
Check Point’s BlueKeep protections for network and endpoint, released several months ago, protect against the new weaponized version of this attack.
Check Point customers who have implemented these protections remain protected.
We recommend that all customers take immediate action to make sure they are protected:
- Install the Microsoft patch on all vulnerable Windows systems (Windows 7, Windows Server 2008 and 2008 R2, and the out-of-band updates Microsoft issued for Windows XP and Server 2003). Where patching must be delayed, enable Network Level Authentication and block TCP port 3389 from untrusted networks, the interim mitigations Microsoft recommends; note that NLA only blocks unauthenticated exploitation, so patching is still required.
- Enable Check Point’s IPS network protection for BlueKeep
- Implement Check Point’s endpoint protection for BlueKeep
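To find the RDP listeners on which BlueKeep is reachable without credentials, the check below sends an X.224 Connection Request (MS-RDPBCGR) that asks only for standard RDP security and classifies the server's negotiation response: a server that answers HYBRID_REQUIRED_BY_SERVER enforces NLA, anything else lets an unauthenticated client proceed to the vulnerable channel setup. This is an added example written for this article, not Check Point or Microsoft code; the host and port arguments are placeholders, the sample responses are constructed for offline testing, and the probe reports exposure only, not whether the host is patched.

```python
"""Classify an RDP listener by its protocol negotiation response.

Sends an X.224 Connection Request carrying an RDP_NEG_REQ that requests only
standard RDP security (no TLS, no CredSSP) and parses the X.224 Connection
Confirm. Only a server that refuses with HYBRID_REQUIRED_BY_SERVER forces NLA
before the MCS connect sequence that BlueKeep abuses. Example code, not part
of any vendor's tooling; it tests exposure, not patch state.
"""
import socket
import struct
import sys

PROTOCOL_RDP = 0x00           # standard RDP security, i.e. no NLA
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
HYBRID_REQUIRED_BY_SERVER = 0x05

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols: int = PROTOCOL_RDP) -> bytes:
    """TPKT + X.224 Connection Request + RDP_NEG_REQ (type, flags, length, protocols)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested_protocols)
    # LI counts the CR code, dst-ref, src-ref, class option and the negotiation request.
    x224 = struct.pack("!BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data: bytes) -> dict:
    """Return {'reachable_pre_auth', 'nla_required', 'detail'} for an X.224 Connection Confirm."""
    if len(data) < 11 or data[0] != 3 or struct.unpack("!H", data[2:4])[0] != len(data):
        raise ValueError("not a complete TPKT frame")
    if data[5] != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = data[11:]  # after TPKT(4) + LI(1) + CC(1) + dst-ref(2) + src-ref(2) + class(1)
    if not body:
        # Pre-Vista servers send no RDP_NEG_RSP at all: standard RDP security only.
        return {"reachable_pre_auth": True, "nla_required": False,
                "detail": "no negotiation response (legacy standard RDP security)"}
    typ, _flags, length = struct.unpack("<BBH", body[:4])
    if length != 8 or len(body) < 8:
        raise ValueError("malformed negotiation structure")
    value = struct.unpack("<I", body[4:8])[0]
    if typ == TYPE_RDP_NEG_RSP:
        return {"reachable_pre_auth": True, "nla_required": False,
                "detail": f"server selected protocol {value}"}
    if typ == TYPE_RDP_NEG_FAILURE:
        nla = value == HYBRID_REQUIRED_BY_SERVER
        # SSL_REQUIRED_BY_SERVER still lets an unauthenticated client in over TLS.
        return {"reachable_pre_auth": not nla, "nla_required": nla,
                "detail": FAILURE_CODES.get(value, f"unknown failure {value}")}
    raise ValueError(f"unexpected negotiation type {typ}")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-frame")
        buf += chunk
    return buf


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> dict:
    """Connect, send the request and classify the reply. host/port are placeholders."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_RDP))
        header = _recv_exact(s, 4)
        total = struct.unpack("!H", header[2:4])[0]
        return parse_connection_confirm(header + _recv_exact(s, total - 4))


# Constructed sample replies (not captured traffic) for offline use.
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")
SAMPLE_STANDARD_RDP = bytes.fromhex("030000130ed000001234000200080000000000")
SAMPLE_LEGACY_NO_NEG = bytes.fromhex("0300000b06d00000123400")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder address
    print(target, probe(target))
```

Run it against each host that exposes port 3389; any result with `reachable_pre_auth` true is a host on which the Metasploit module can be attempted without credentials, so it must be patched first. A host that reports `nla_required` is protected only against unauthenticated exploitation and still needs the Microsoft update.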