On June 17, 2019 the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and CVE-2019-0708.
In the alert, DHS warns that Windows users that utilize Remote Desktop Services (RDS) to patch their systems due to the BlueKeep RCE. The Cybersecurity and Infrastructure Security Agency (CISA) successfully achieved RCE on a Windows 2000 test machine.
The exploit can be achieved by sending specially crafted packets to the targeted device, this vulnerability has been compared to the EternalBlue exploit for being wormable. EternalBlue was used inside the WannaCry ransomware in 2017.
Proof-of-concept exploits for both BlueKeep and CVE-2019-0708 have not yet been discovered in the wild. However, experts agree that it is only a matter of time before they become public. Microsoft has issued patches for Windows XP, 7, Server 2003 and 2008, newer versions of the OS seem to be unaffected.
It is recommended that a scan of the network to see if there are any vulnerable machines. Using the tool available for download here: https://github.com/robertdavidgraham/rdpscan.
There are downloads of pre-compiled binaries for use on both Windows and macOS.