Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Microsoft Windows Remote Desktop Services 'CVE-2019-0708' Remote Code Execution Vulnerability (BlueKeep) - (Remote Active)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is running Microsoft Windows Remote Desktop Services and is prone to the remote code execution vulnerability known as 'BlueKeep'.
Insight
Insight
A remote code execution vulnerability exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. For an in-depth analysis and further technical insights and details please see the references.
Affected Software
Affected Software
Microsoft Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003 R2, Windows Server 2003, Windows Vista and Windows XP (including Embedded).
Detection Method
Detection Method
Sends a specially crafted request to the target systems Remote Desktop Service via RDP and checks the response.
Solution
Solution
The vendor has released updates. Please see the references for more information. As a workaround enable Network Level Authentication (NLA) on systems running supported editions of Windows 7, Windows Server 2008, and Windows Server 2008 R2. NOTE: After enabling NLA affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
Common Vulnerabilities and Exposures (CVE)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE
- https://support.microsoft.com/help/4499164
- https://support.microsoft.com/help/4499175
- https://support.microsoft.com/help/4499149
- https://support.microsoft.com/help/4499180
- https://support.microsoft.com/help/4500331
- https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-
- https://support.microsoft.com/en-us/help/4500705/customer-guidance-for
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/wind
- http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-D
- https://www.malwaretech.com/2019/05/analysis-of-cve-2019-0708-bluekeep
- https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/rdp-stands