Open sales have begun... A U.S. company is selling a weaponized BlueKeep exploit - Vulnerability Warning - Black Bar Safety Net (myhack58)

ID: MYHACK58:62201995234
Source: myhack58 (www.myhack58.com)
Author: Anonymous (佚名)
Published: 2019-07-26 00:00:00

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.975 High
  Percentile: 100.0%

On 15 May 2019, Microsoft released its May patch update list, which included an RDP Remote Desktop Services remote code execution vulnerability marked as severe. An attacker can exploit this vulnerability remotely, without user authentication, by sending specially crafted malicious data to execute malicious code on the target system and thereby gain full control of the machine.
From patch analysis and vulnerability analysis, to the PoC release, and then to the release of an EXP video, 2 months + 10 days have passed.
And this series has now reached its fourth installment.
Part 1: Remote Desktop Services remote code execution vulnerability PoC made public
Part 2: Remote Desktop Services vulnerability analysis and detection code disclosed; the dark web has begun selling what may be a usable EXP
Part 3: Microsoft issues another notice, reminding users to update their systems in order to guard against a worm
Because there is not much time left for users to patch.
Last week, after the Kanxue ("see snow") conference, the slides (PPT) from a Tencent KeenLab expert appeared online.
Download:
https://github.com/blackorbird/APT_REPORT/blob/master/exploit_report/%23bluekeep RDP from patch to remote code execution.pdf
Security researchers abroad then suddenly set off a wave of public disclosures on how the EXP is constructed.
Meanwhile the U.S. company Immunity, which specializes in selling commercial penetration testing kits, finally could not hold back and made its big move, openly hawking its product on Twitter.
CANVAS is a commercial vulnerability exploitation tool from Dave Aitel's company ImmunitySec. It includes more than 370 EXPs and comes with complete code, as well as some 0day vulnerabilities.
(PS: the main point is that it is also cheaper than the commercial version of Metasploit.)
The demonstration video is below.
https://vimeo.com/349688256/aecbf5cac5
As can be seen, it has indeed been weaponized.
The Immunity CANVAS BlueKeep module can achieve remote code execution, i.e., open a shell on the infected host and execute commands.
Although a CANVAS license costs between thousands and tens of thousands of dollars, hackers already know how to pirate or legally purchase penetration testing tools, such as Cobalt Strike.
This means that hackers around the world may already be eyeing CANVAS: once a wealthy buyer purchases it and the new version of the tool leaks, what awaits will be a massacre by cracked copies.
However, I still don't have the money; the rich can start their show.
https://www.immunityinc.com/products/canvas/
Before Immunity's BlueKeep exploitation module leaks, companies and users still have time to patch their systems.
As is well known, BlueKeep affects Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008.
For system patches, mitigations and workarounds, see here:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Windows 10 is not affected.
