BlueKeep is a serious vulnerability in the RDP protocol affecting Windows systems. After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on vulnerable systems.
The exploit attempts to run a PowerShell script, which then downloads and installs a cryptominer. A detailed breakdown of how the exploit works has been written up on the Kryptos Logic blog. Now that the first active exploit has been discovered, it is more likely that others will soon emerge, as malware writers often borrow extensively from each other's work.
Systems are only vulnerable if they remain unpatched. Microsoft released the patches to the RDP software in May 2019.
The RDP protocol is a popular attack vector for malware, and security managers are advised to ensure that no native RDP ports are exposed to the internet without the protection of a VPN. BlueKeep is dangerous because it allows a compromise before the attacker needs to log in or otherwise authenticate with the operating system.