The U.S. National Security Agency (NSA) on Tuesday urged Windows users and administrators to immediately address the vulnerability tracked as BlueKeep and CVE-2019-0708.
Many experts agree that it’s only a matter of time until the flaw is exploited in the wild. An increasing number of proof-of-concept (PoC) exploits have been developed and one researcher even claims to have created a module for the Metasploit penetration testing framework. Fortunately, a weaponized and fully working exploit that can achieve remote code execution has yet to be made public.
However, one researcher reported finding nearly one million vulnerable devices online and cybersecurity organizations have already seen scanning activity targeting CVE-2019-0708.
