The BlueKeep (CVE-2019-0708) Vulnerability


This post was originally published on June 18, 2019
The latest update to this post was made 5 years ago.


Quick Summary

A critical, pre-authentication remote code execution flaw in the Remote Desktop Protocol (RDP) service affects multiple versions of Microsoft Windows. Both Microsoft and the Department of Homeland Security strongly urge all customers running affected operating systems to patch immediately by running Windows Update.


BlueKeep (AKA: CVE-2019-0708) (Quoted from Microsoft)

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The patch for this vulnerability addresses the issue by correcting how Remote Desktop Services handles connection requests.


Affects The Following Operating Systems

  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

NOTE: Windows Server 2012 and higher, and Windows 8 and higher (including Windows 10), are not affected by this vulnerability.


Exception(s):

Affected systems that have Network Level Authentication (NLA) enabled are partially mitigated. NLA requires the client to authenticate (via CredSSP) before a session is set up, so the vulnerable code path cannot be reached by unauthenticated, 'wormable' malware. Such systems remain vulnerable to Remote Code Execution (RCE), however, if the attacker holds valid credentials that can be used to authenticate to the host. NLA is a mitigation, not a fix; the patch is still required.



Manually Patching

The following links offer downloadable updates for manually patching just this vulnerability, including the out-of-support versions (Windows XP and Server 2003) for which Microsoft issued a special fix.

Windows XP, Server 2003, Server 2003 R2 and Vista:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
For WSUS deployments, reference KB4500331 (Windows XP / Server 2003) and KB4499180 (Vista / Server 2008 security-only update).
Category: Security Updates, Critical, Remote Code Execution

Windows 7, Server 2008 and Server 2008 R2:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
For WSUS deployments, reference KB4499175 (Windows 7 / Server 2008 R2 security-only update), KB4499164 (Windows 7 / Server 2008 R2 monthly rollup), KB4499149 (Server 2008 monthly rollup) and KB4499180 (Server 2008 security-only update).
Category: Security Updates, Critical, Remote Code Execution
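The following PowerShell script is an added example (not from the original post, and not Microsoft's tooling) that ties together the two checks above: whether one of the listed KBs is installed, and whether the NLA mitigation is enforced on the RDP-Tcp listener. It assumes it is run in an elevated session on the host being checked, that the KB numbers in this post are the ones that carry the fix, and that the NT 5.x/6.0/6.1 families (Windows 2000 through Server 2008 R2) are the affected ones while NT 6.2 and later (Windows 8 / Server 2012 and later) are not. It uses Get-WmiObject and Get-HotFix rather than the CIM cmdlets so that it also runs on PowerShell 2.0, the default on Windows 7 and Server 2008 R2.

```powershell
# Added example: audit a host for CVE-2019-0708 exposure and optionally
# enforce NLA as the partial mitigation. Not code from the original post.
function Test-BlueKeepExposure {
    [CmdletBinding()]
    param(
        # Turn on NLA for the RDP-Tcp listener if it is not already required.
        [switch]$EnableNla
    )

    # Security-only and monthly-rollup KBs listed in the post; any one of them
    # carries the fix for the build it targets.
    $fixKBs = 'KB4500331', 'KB4499180', 'KB4499175', 'KB4499164', 'KB4499149'

    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version
    # NT 6.1 (Windows 7 / Server 2008 R2) and earlier are the affected families;
    # NT 6.2+ (Windows 8 / Server 2012 and later) are not affected.
    $affectedFamily = $ver -lt [version]'6.2'

    $installedFix = @(Get-HotFix |
        Where-Object { $fixKBs -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey

    # fDenyTSConnections = 0 means Remote Desktop accepts incoming connections.
    $rdpEnabled  = ($ts.fDenyTSConnections -eq 0)
    # UserAuthentication = 1 means the RDP-Tcp listener requires NLA (CredSSP)
    # before a session is created, which closes the unauthenticated, wormable path.
    $nlaRequired = ($rdp.UserAuthentication -eq 1)

    if ($EnableNla -and $affectedFamily -and -not $nlaRequired) {
        # Caveat: clients that cannot do CredSSP (for example an old mstsc on
        # XP) will no longer be able to connect once NLA is enforced.
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
        $nlaRequired = $true
    }

    $unpatched = $affectedFamily -and $rdpEnabled -and ($installedFix.Count -eq 0)

    # NLA only downgrades an unpatched host from "pre-auth RCE" to "needs valid
    # credentials", so the two states are reported separately.
    if (-not $unpatched) {
        $exposure = 'Patched, RDP disabled, or OS family not affected'
    } elseif ($nlaRequired) {
        $exposure = 'Unpatched; NLA limits exploitation to authenticated attackers'
    } else {
        $exposure = 'Unpatched; pre-authentication RCE reachable over RDP'
    }

    New-Object PSObject -Property @{
        ComputerName   = $env:COMPUTERNAME
        OSVersion      = $os.Version
        AffectedFamily = $affectedFamily
        RdpEnabled     = $rdpEnabled
        RdpPort        = $rdp.PortNumber
        NlaRequired    = $nlaRequired
        FixInstalled   = ($installedFix -join ',')
        Exposure       = $exposure
    }
}

# Report only; add -EnableNla to apply the mitigation on affected, unpatched hosts.
Test-BlueKeepExposure | Format-List
```

Run it per host (or wrap it in Invoke-Command for a fleet) and treat any result whose Exposure line starts with "Unpatched" as a ticket to install the listed KB; enabling NLA buys time against worm-style propagation but does not remove the need for the patch.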

Tags: #microsoft #bluekeep #securityalerts #security #patch #windows

