
Finding and Patching the Microsoft ‘BlueKeep’ Vulnerability (CVE-2019-0708)

by May 22, 2019


This past week a serious vulnerability affecting some older versions of Windows, CVE-2019-0708, was disclosed, and Microsoft has produced a patch for it. This vulnerability in Remote Desktop Services (aka Terminal Services) could allow an attacker to execute arbitrary code on a target system by sending specially crafted requests. After successful exploitation, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

This vulnerability is such a critical risk that Microsoft is actively alerting customers to install the patch before a WannaCry-like worm is created to exploit the flaw.

Pretty scary stuff for something having a cute nickname of “BlueKeep”.

Microsoft has posted a number of security updates, but most organizations are hampered by the fact that their vulnerability scanners can NOT presently test for this critical vulnerability.

To help organizations determine their exposure, RiskSense Senior Security Researcher Sean Dillon (@zerosum0x0) has worked with JaGoTu (@JaGoTu) to create a Metasploit plugin to scan for this new Microsoft vulnerability, available here. It scans for the vulnerability, but does not exploit it, to help you determine what exposure you might have.

Interestingly, this is the second time Microsoft has released a patch for end-of-life Windows XP versions. The only previous time was a patch for MS17-010, which prevents the EternalBlue exploit and others of that family. EternalBlue was the mechanism WannaCry used to propagate into a global attack.
