CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 100.0%
A bug in the Windows Remote Desktop Protocol (RDP) allows unauthenticated users to run arbitrary code via a specially crafted request to the service. This affects Windows 7/Windows Server 2008 and earlier releases. Given the ubiquity of RDP in corporate environments and the trusted nature of RDP, this could pose a serious risk of ransomware attacks much like WannaCry.
Patches have been released for Windows 7/2008 operating systems as well as Windows XP.
Recent assessments:
OJ at December 02, 2019 9:35pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
kevthehermit at February 22, 2020 10:52pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
busterb at August 28, 2019 12:35am UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
bwatters-r7 at May 14, 2019 6:32pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
space-r7 at May 14, 2019 8:25pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
meikster at July 21, 2020 3:50pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
asoto-r7 at May 14, 2019 8:16pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
bulw4rk at March 29, 2020 4:46pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
lvarela-r7 at April 16, 2020 2:00pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
J3rryBl4nks at March 03, 2020 4:18pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
wvu-r7 at May 14, 2019 8:21pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
gwillcox-r7 at October 20, 2020 5:57pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
ccondon-r7 at July 26, 2024 1:44pm UTC reported:
The effort to execute the exploit out of the box, with default settings on known targets is not that high. It’s important to note that to exploit this reliably in atypical scenarios you need to know a bit more detail of the target, including what hypervisor it may be running on.
Assessed Attacker Value: 5
Assessed Attacker Value: 5
Assessed Attacker Value: 3
packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
support.microsoft.com/en-us/help/4499164/windows-7-update-kb4499164
us-cert.cisa.gov/ncas/alerts/aa20-275a
www.cisa.gov/known-exploited-vulnerabilities-catalog
www.thezdi.com/blog/2019/5/14/the-may-2019-security-update-review