PT-2019-2094 · Microsoft · Remote Desktop Services

Published 2019-05-14 · Updated 2026-03-10 · CVE-2019-0708

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Windows Remote Desktop Services versions prior to the May 2019 patch day

Windows 2003
Windows XP
Windows Vista
Windows 7
Windows Server 2008
Windows Server 2008 R2

Description

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to a target system using RDP and sends specially crafted requests. The vulnerability is triggered before authentication and does not require user interaction. Successful exploitation allows an attacker to execute arbitrary code on the target system, potentially enabling them to install programs; view, change, or delete data; or create new accounts with full user rights.

The vulnerability, also known as 'BlueKeep' (CVE-2019-0708), has been observed in attacks by the Kimsuky APT group. Reports indicate that malicious actors are distributing malware, such as Houdini RAT, disguised as exploits for this vulnerability. There have been instances of attackers attempting to exploit this vulnerability, and scans indicate a significant percentage of publicly accessible RDP services remain vulnerable.

Recommendations

Windows 2003: Apply the latest security updates available from Microsoft.
Windows XP: Apply the latest security updates available from Microsoft.
Windows Vista: Apply the latest security updates available from Microsoft.
Windows 7: Apply the latest security updates available from Microsoft.
Windows Server 2008: Apply the latest security updates available from Microsoft.
Windows Server 2008 R2: Apply the latest security updates available from Microsoft.

Exploit

Fix

RCE

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2019-01846
CVE-2019-0708
MICROSOFTRDPCVE_2019_0708

Affected Products

Huawei Vrp
Remote Desktop Services
Windows