On September 6, 2019, the Alibaba Cloud emergency response center detected that Metasploit had released an exploit module for BlueKeep (CVE-2019-0708). The Alibaba Cloud security team has confirmed that the exploit module can be successfully executed. With the exploit code, attackers can execute arbitrary commands on the target system and spread worms to infect other hosts on the internal network. The risk posed by the BlueKeep vulnerability is similar to that of ransomware such as WannaCry in 2017 and is high.

The public release of the exploit module greatly lowers the barrier to exploiting the vulnerability and leaves hosts with the BlueKeep vulnerability prone to intrusion. Alibaba Cloud reminds Windows users to check for vulnerabilities and fix them in a timely manner.

Scope of impact:

  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 2003
  • Windows XP

Risk level: high

Security suggestions:

  1. Fix vulnerabilities in a timely manner. For more information about fixing the vulnerabilities, see the Microsoft security announcement.
  2. Use a Cloud Firewall ACL to restrict RDP. For more information, see Overview of access control policies. We recommend that you use an IP address whitelist to allow access to resources.
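
As an added illustration of suggestion 2 (not Alibaba Cloud code), the following script audits an ordered inbound ACL and reports every allow rule that leaves TCP port 3389 reachable from outside an IP whitelist, including broad rules that cover RDP only through a wide port range. The rule schema, the sample rules and the whitelist network are constructed assumptions, not a real Cloud Firewall export format.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample: ordered inbound rules in a hypothetical schema
# (first match wins, ports written "low/high"); not a real Cloud Firewall export.
SAMPLE_RULES = [
    {"priority": 1, "action": "allow", "source": "203.0.113.0/28", "proto": "TCP", "ports": "3389/3389"},
    {"priority": 2, "action": "allow", "source": "0.0.0.0/0", "proto": "TCP", "ports": "1/65535"},
    {"priority": 3, "action": "allow", "source": "198.51.100.7/32", "proto": "UDP", "ports": "53/53"},
    {"priority": 4, "action": "deny", "source": "0.0.0.0/0", "proto": "ANY", "ports": "1/65535"},
]
ALLOWLIST = ["203.0.113.0/24"]  # constructed admin network


def covers_rdp(rule):
    """True if the rule matches TCP traffic to port 3389, including wide port ranges."""
    if rule["proto"].upper() not in ("TCP", "ANY"):
        return False
    low, high = (int(p) for p in rule["ports"].split("/"))
    return low <= RDP_PORT <= high


def audit_rdp(rules, allowlist):
    """Return findings for allow rules that expose RDP outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    findings, catch_all_deny = [], False
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if not covers_rdp(rule):
            continue
        src = ipaddress.ip_network(rule["source"])
        if rule["action"] == "deny":
            if src.prefixlen == 0:
                catch_all_deny = True
                break  # rules after a catch-all deny never match
            continue  # narrower denies are ignored, so the audit may over-report
        if not any(a.version == src.version and src.subnet_of(a) for a in allowed):
            findings.append(f"rule {rule['priority']}: RDP reachable from {src}")
    if not catch_all_deny:
        findings.append("no catch-all deny for TCP/3389")
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_RULES, ALLOWLIST):
        print(finding)
```

On the sample rules, the audit flags rule 2, which never names RDP but opens all TCP ports to any source.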