Finding and Patching the Microsoft ‘BlueKeep’ Vulnerability (CVE-2019-0708)

by | May 22, 2019

This past week, a serious vulnerability affecting some older versions of Windows, CVE-2019-0708, was disclosed, and Microsoft has produced a patch for it. This vulnerability in Remote Desktop Services (aka Terminal Services) could allow an attacker to execute arbitrary code on a target system by sending specially crafted requests. After successful exploitation, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

This vulnerability is such a critical risk that Microsoft is actively alerting customers to install the patch before a WannaCry-like worm is created to exploit the flaw.

Pretty scary stuff for something with the cute nickname “BlueKeep”.

Microsoft has posted a number of security updates, but most organizations are hampered by the fact that their vulnerability scanners can NOT presently test for this critical vulnerability.

To help organizations determine their exposure, RiskSense Senior Security Researcher Sean Dillon (@zerosum0x0) has worked with JaGoTu (@JaGoTu) to create a Metasploit plugin to scan for this new Microsoft vulnerability, available here. It scans for the vulnerability, but does not exploit it, to help you determine what exposure you might have.

Interestingly, this is the second time Microsoft has released a patch for end-of-life Windows XP versions. The only previous time was a patch for MS17-010, which prevents the EternalBlue exploit and others of that family. EternalBlue was the mechanism WannaCry used to propagate into a global attack.