Despite the Microsoft-issued patch for BlueKeep, attackers are still exploiting the infamous vulnerability, underlining a problem with the way patches are applied in organizations and by individual users.
The SANS Institute observed exploitation of the BlueKeep vulnerability in real time for a few months. The researchers used a tool named Shodan to monitor honeypots intentionally exposed to the Internet without the BlueKeep patch installed.
BlueKeep, tracked as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service affecting Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008. The vulnerability could allow remote code execution without triggering any alarms on the targeted endpoint.