A new scanning Tool is now available for checking if your computer is Vulnerable to the Bluekeep security issue in Windows Remote Desktop Services.

Despite Microsoft rolling out a patch in mid-May, there are tens of thousands of devices exposing a Remote Desktop Protocol (RDP) service to the public internet.

Unpatched systems still at risk

BlueKeep (CVE-2019-0708) is a vulnerability that leads to remote code execution and could be leveraged to spread malware across connected systems without any interaction from the user.

It affects Windows 7, Windows Server 2008 R2, and Windows Server 2008 and is serious enough to warrant repeated warnings from Microsoft about the severity of the flaw and the strong recommendation to apply the patch.

The security community cautioned users and companies early on that leaving the issue unattended could have brutal consequences. So did the U.S. Government after exploiting the bug and achieving remote code execution.

After exploit modules starting cropping up and enough information became public, cybercriminals started to exploit BlueKeep in the wild. The payload exploited vulnerable systems en-masse for cryptocurrency mining but it was not a worm that would could have brought the attack to WannaCry’s destruction level.

The danger is not over, though. There are plenty of vulnerable systems exposed on the web and cybercriminals are not likely to spare them.

Check yourself

In the U.S. alone, there are at least 45,000 systems with RDP exposed on the web at the time of writing. More than 20,000 hosts vulnerable to BlueKeep are in South Korea, and over 16,000 in Brazil.

And this is only what is is directly connected to the public internet. Many unpatched systems, though, may lurk on company networks and are not visible from the outside. In case of a BlueKeep epidemic, these are are what cybercriminals are after. From one system, the infection could reach other computers on the network.

Slovakian cybersecurity company ESET released a tool that checks if your computer is vulnerable to BlueKeep or out of this harm’s way. Their BlueKeep vulnerability scanner can be downloaded from here.

On systems where the flaw can be exploited, the utility launches a web page that provides the appropriate patch from Microsoft. This release has no command-line arguments and deploys like any other executable.

ESET notes that “this is a single-purpose tool intended for personal use and is not intended to be deployed for mass use in an automated environment.”

At least two penetration tools include a BlueKeep exploit module, so it is definitely part of security tests. As such, the company recommends businesses to remove vulnerable device from their networks.

Other scanners exist on the market. Robert Graham created one, the NCC Group did the same with this tool. Even criminals have included their version in malware designed for cryptomining, indicating that they are ready to exploit the BlueKeep flaw to reach their goals.