CVE-2019-0708:
A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Services (RDP) that allows an unauthenticated attacker to connect to the target system and send specially crafted requests, known as the Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708).
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8Critical- Published Date:May 16, 2019
- CISA KEV Date:Nov 3, 2021
- Industries Affected:20
902 DaysThreat Predictions
- EPSS Score:94.5
- EPSS Percentile:100%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Services (RDP) that allows an unauthenticated attacker to connect to the target system and send specially crafted requests, known as the Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708).
Overview
CVE-2019-0708, commonly referred to as BlueKeep, is a critical remote code execution flaw in Microsoft Windows Remote Desktop Services that could be exploited over a network by unauthenticated attackers who send crafted RDP requests, potentially allowing full control of affected systems. The issue affects multiple Windows client and server editions listed as affected, including Windows 7 Service Pack 1 (32-bit and x64) and various Windows Server 2008/2008 R2 configurations.
Remediation
- Apply the Microsoft security updates that fix CVE-2019-0708 to all affected Windows editions (Windows 7 SP1, Windows Server 2008/2008 R2 SP1, including core installations where applicable) via Windows Update, WSUS, or enterprise software deployment tooling.
- Enable Network Level Authentication (NLA) for Remote Desktop and require authentication before establishing an RDP session.
- Restrict RDP exposure to trusted networks only: block RDP (port 3389) from the internet at the firewall, or place RDP behind a VPN or Remote Desktop Gateway.
- If RDP must be accessible, enforce strong authentication (prefer VPN + MFA) and consider enabling additional protections such as RD Gateway and IP allowlists.
- Disable RDP on systems that do not require it, or isolate unpatched/unsupported hosts from the network until patching is completed.
- Maintain an ongoing patch management process to ensure all affected systems remain up to date and regularly monitor for exploit attempts and related indicators of compromise.
- Validate patches in a testing environment before broad deployment and verify successful remediation across all affected endpoints.
References
- - [Microsoft Advisory CVE-2019-0708 (BlueKeep)](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)
- - [Siemens ProductCERT SSA-932041 (PDF)](https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf)
- - [Siemens ProductCERT SSA-616199 (PDF)](https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf)
- - [Siemens ProductCERT SSA-433987 (PDF)](https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf)
- - [Siemens ProductCERT SSA-832947 (PDF)](https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf)
- - [Siemens ProductCERT SSA-166360 (PDF)](https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf)
- - [Siemens ProductCERT SSA-406175 (PDF)](https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf)
- - [Huawei PSIRT Advisory SA-20190529-01 Windows En](http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en)
- - [Huawei PSIRT Security Notices SN-20190515-01 Windows En](http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en)
- - [Microsoft Windows Remote Desktop BlueKeep DoS (PacketStorm)](http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html)
- - [Microsoft Windows RDP BlueKeep DoS (PacketStorm)](http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html)
- - [BlueKeep RDP - Kernel Use-After-Free (PacketStorm)](http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html)
- - [Microsoft Windows 7 x86 BlueKeep Use-After-Free (PacketStorm)](http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html)
- - [Microsoft RDP Remote Code Execution (PacketStorm)](http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html)
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.Click here to learn more.
- Armis Alert Date:May 4, 2019
- CISA KEV Date:Nov 3, 2021
- Days Early:902 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
