Plugins Database As of 11-23-2019

Microsoft Windows Remote Desktop Services 'CVE-2019-0708' Remote Code Execution Vulnerability (BlueKeep) - (Remote Active)

Windows : Microsoft Bulletins
Impact by CVSS Score
  • ID: 1.3.6.1.4.1.25623.1.0.108611

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is running Microsoft Windows Remote Desktop Services and is prone to the remote code execution vulnerability known as 'BlueKeep'.

Detection Method:
Sends a specially crafted request to the target system's Remote Desktop Service via RDP and checks the response.

Technical Details:
A remote code execution vulnerability exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. For an in-depth analysis and further technical insights and details please see the references.

Impact:
Successful exploitation would allow an attacker to execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected Versions:
Microsoft Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003, Windows Vista and Windows XP (including Embedded).

Recommendations:
The vendor has released updates. Please see the references for more information. As a workaround, enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2. NOTE: After enabling NLA, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

Detection Type:
Remote Vulnerability

Solution Type:
Vendor Patch

  • Severity: High
  • CVSS Score: 10.0
  • Published: 2019-07-05 11:44:28
  • Modified: 2019-08-05 06:42:19
  • CVE: CVE-2019-0708
  • BID: 108273
