
Microsoft Windows Remote Code Execution (RCE) Vulnerability: BlueKeep

Written By: Jason Bell


Microsoft BlueKeep Vulnerability

On June 17, 2019, the Department of Homeland Security (DHS) issued an alert for the Microsoft Windows Remote Code Execution (RCE) vulnerability named BlueKeep and tracked as CVE-2019-0708.

In the alert, DHS warns Windows users who utilize Remote Desktop Services (RDS) to patch their systems because of the BlueKeep RCE. The Cybersecurity and Infrastructure Security Agency (CISA) successfully achieved RCE on a Windows 2000 test machine.

The exploit can be achieved by sending specially crafted packets to the targeted device. Because it is wormable, this vulnerability has been compared to the EternalBlue exploit, which was used inside the WannaCry ransomware in 2017.

Proof-of-concept exploits for BlueKeep (CVE-2019-0708) have not yet been discovered in the wild. However, experts agree that it is only a matter of time before they become public. Microsoft has issued patches for Windows XP, 7, Server 2003 and 2008; newer versions of the OS seem to be unaffected.

It is recommended to scan the network for vulnerable machines, using the tool available for download here: https://github.com/robertdavidgraham/rdpscan.

There are downloads of pre-compiled binaries for use on both Windows and macOS.
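To turn a scan into a patch work list, the results can be sorted by what each one means for remediation. The following is an added example, not code from the original post or from the rdpscan project; it assumes the scanner prints one `address - STATUS - reason` line per host with STATUS being SAFE, VULNERABLE or UNKNOWN, and the sample lines and the `triage` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed "address - STATUS - reason" shape.
SAMPLE = """\
10.0.0.5 - VULNERABLE - got appid
10.0.0.6 - SAFE - Target appears patched
10.0.0.7 - SAFE - CredSSP/NLA required
10.0.0.8 - UNKNOWN - no connection - timeout
10.0.0.9 - UNKNOWN - RDP protocol error - receive timeout
scanner banner or other noise
"""

LINE = re.compile(
    r"^(?P<host>\S+) - (?P<status>SAFE|VULNERABLE|UNKNOWN) - (?P<reason>.+)$"
)


def triage(text):
    """Group scan result lines into remediation buckets (hypothetical helper)."""
    buckets = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            # Keep anything unrecognised so a format change is noticed.
            buckets["unparsed"].append(line)
            continue
        host, status, reason = m.group("host", "status", "reason")
        if status == "VULNERABLE":
            buckets["patch_now"].append(host)
        elif status == "SAFE" and "NLA" in reason:
            # NLA stopped the unauthenticated check, so the patch level is
            # unconfirmed; verify the update through patch management.
            buckets["verify_patch"].append(host)
        elif status == "SAFE":
            buckets["ok"].append(host)
        else:
            # UNKNOWN is not a clean result: no answer or a protocol error.
            buckets["rescan"].append(host)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts)}")
```

Hosts in `rescan` should be treated as unverified rather than safe until a later scan or the patch inventory confirms their state.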

Make sure to stay up to date on other vulnerabilities to patch or watch out for, as well as any advisories our research team releases.
