A researcher has created a module for the Metasploit penetration testing framework that exploits the BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. Microsoft released a fix for the bug on May 14. The vulnerability is critical (9.8 out of 10) because leveraging it allows malware to spread to vulnerable systems as WannaCry did in 2017. The NSA echoed Microsoft’s warnings urging users to “patch Remote Desktop Services on legacy versions of Windows”””
Source: https://www.bleepingcomputer.com/news/security/metasploit-module-created-for-bluekeep-flaw-private-for-now/