A number of information security professionals have been warning for some time that an exploit for the so-called BlueKeep vulnerability would be developed and circulated.
The fact that Immunity was selling this RCE exploit was revealed by British security researcher Kevin Beaumont, who tweeted: "A US company are selling a RCE exploit for #BlueKeep, which I’m sure will end well."
Beaumont, who is often quoted in various media outlets including iTWire, was the one who named the vulnerability BlueKeep.
The flaw has been assigned the identifier CVE-2019-0708. Its description reads: "A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'."
The Miami-owned Immunity was formerly owned by ex-NSA hacker Dave Aitel, and was sold to Cyxtera Technologies in January.
Immunity has long had a business model of selling information and exploits for vulnerabilities without informing the vendor in question so that the flaw can be patched.
iTWire has contacted Cyxtera for comment.