Qualys is working on enhancing the remote detection QID 91541 – Microsoft Windows Remote Desktop Services RCE Vulnerability (BlueKeep) and further improvements to consider more possible scenarios a more refined way to detect this legacy vulnerability. The changes will include the following enhancements:
- Our enhanced detection QID 91541 for unauthenticated BlueKeep takes advantage of the RDP engine for its detection and supports dynamic STARTTLS negotiation within RDP.
- It contains a new service detection and the new corresponding protocol-based Bluekeep detection.
- The main distinctions here are that some false negative are avoided
There are possibilities that the customers notice an increase in the number of assets identified by this QID.