Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Microsoft Windows Remote Desktop Services 'CVE-2019-0708' Remote Code Execution Vulnerability (BlueKeep) - (Remote Active)

Information

Severity

Severity

Critical

Family

Family

Windows : Microsoft Bulletins

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

4 years ago

Modified

Modified

4 years ago

Summary

This host is running Microsoft Windows Remote Desktop Services and is prone to the remote code execution vulnerability known as 'BlueKeep'.

Insight

Insight

A remote code execution vulnerability exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. For an in-depth analysis and further technical insights and details please see the references.

Affected Software

Affected Software

Microsoft Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003, Windows Vista and Windows XP (including Embedded).

Detection Method

Detection Method

Sends a specially crafted request to the target systems Remote Desktop Service via RDP and checks the response.

Solution

Solution

The vendor has released updates. Please see the references for more information. As a workaround enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2. NOTE: After enabling NLA affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

Common Vulnerabilities and Exposures (CVE)