Remote Code Execution Vulnerability in Microsoft Remote Desktop Services
CVE-2019-0708

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Windows; Windows Server
Vendor: CVE Published:; 16 May 2019

Badges

💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%🦅 CISA Reported

What is CVE-2019-0708?

A remote code execution vulnerability in Microsoft Remote Desktop Services allows an unauthenticated attacker to connect to the target system via RDP and execute arbitrary code by sending specially crafted requests. This exploitation can lead to significant security breaches if not mitigated adequately. It is essential for organizations to apply available security patches and implement robust network security measures to safeguard their systems from potential threats associated with this vulnerability.

CISA has reported CVE-2019-0708

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2019-0708 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Core installation)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

BlueKeep
Created by Ekultek

rdpscan
Created by robertdavidgraham

CVE-2019-0708
Created by n1xbyte