BlueKeep - Remote Code Execution (CVE-2019-0708)
- Severity
- CVSSv3 Score: 9.8
- Vulnerability description
The Remote Desktop Protocol implementation in Microsoft Windows is affected by a Remote Code Execution vulnerability. The root cause is a use-after-free in the Microsoft Windows RDP kernel driver, termdd.sys.
- Risk description
A remote, unauthenticated attacker can exploit this vulnerability by establishing a Remote Desktop Protocol connection to the target server, opening an MS_T120 channel, and sending crafted data to it. Successful exploitation allows the attacker to execute arbitrary code with Administrative (kernel-level) privileges.
- Recommendation
Enable Windows Update so that the latest patches for the installed Windows version are applied. If updating is not possible, disable Remote Desktop Services.
- References
https://nvd.nist.gov/vuln/detail/CVE-2019-0708
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0708
- Codename: BlueKeep
- Detectable with: Network Scanner
- Exploitable with Sniper: No
- Vuln date: May 2019
- Published at
- Updated at
- Software Type: Operating system
- Vendor: Microsoft
- Product: Windows