Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

On June 17, 2019, the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep (CVE-2019-0708).

In the alert, DHS warns Windows users who use Remote Desktop Services (RDS) to patch their systems because of the BlueKeep RCE. The Cybersecurity and Infrastructure Security Agency (CISA) successfully achieved RCE on a Windows 2000 test machine.

The exploit can be achieved by sending specially crafted packets to the targeted device. This vulnerability has been compared to the EternalBlue exploit because it is wormable. EternalBlue was used inside the WannaCry ransomware in 2017.

Proof-of-concept exploits for BlueKeep (CVE-2019-0708) have not yet been discovered in the wild. However, experts agree that it is only a matter of time before they become public. Microsoft has issued patches for Windows XP, 7, Server 2003 and 2008; newer versions of the OS seem to be unaffected.

It is recommended to scan the network to see if there are any vulnerable machines, using the tool available for download here:

There are downloads of pre-compiled binaries for use on both Windows and macOS.

Make sure to stay up to date on other vulnerabilities to patch or watch out for, as well as any advisories our research team releases.
