BlueKeep - Remote Code Execution (CVE-2019-0708)

Severity
CVSSv3 Score
9.8
Vulnerability description

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows is affected by a Remote Code Execution vulnerability. The root cause is a use-after-free in the Microsoft Windows RDP kernel driver, termdd.sys.

Risk description

A remote, unauthenticated attacker can exploit this vulnerability by establishing a Remote Desktop Protocol connection with the target server while opening an MS_T120 channel and sending crafted data to it. Successful exploitation allows the attacker to execute arbitrary code with Administrative (kernel-level) privileges.

Recommendation

Enable Windows Update so that the latest patches for the installed Windows version are applied. If updating is not possible, disable Remote Desktop Services.

Codename
BlueKeep
Detectable with
Network Scanner
Exploitable with Sniper
No
Vuln date
May 2019
Published at
Updated at
Software Type
Operating system
Vendor
Microsoft
Product
Windows