CVE-2019-0708

Published: 16/05/2019 Updated: 15/07/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Remote Desktop Services component of Microsoft Windows could allow an unauthenticated, remote malicious user to execute arbitrary code on a targeted system. The vulnerability exists because the affected software improperly handles Remote Desktop Protocol (RDP) requests. An attacker could exploit the vulnerability by sending RDP connection requests that submit malicious input to the affected software. A successful exploit could allow the malicious user to execute arbitrary code and completely compromise the system. Microsoft confirmed the vulnerability and released software updates.

Exploits

#RDP Blue POC by k8gege #Local: Win7 (python) #Target: Win2003 & Win2008 (open 3389) import socket import sys import os import platform buf="" buf+="\x03\x00\x00\x13" # TPKT, Version 3, lenght 19 buf+="\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x00\x00\x00\x00" # ITU-T Rec X224 buf+="\x03\x00\x01\xd6" # TPKT, Version 3, lenght 470 buf+=" ...
import socket, sys, struct from OpenSSL import SSL from impacketstructure import Structure # I'm not responsible for what you use this to accomplish and should only be used for education purposes # Could clean these up since I don't even use them class TPKT(Structure): commonHdr = ( ('Version','B=3'), ('Reserved','B=0'), ('Length','>H= ...
# Exploit Title: Bluekeep Denial of Service (metasploit module) # Shodan Dork: port:3389 # Date: 07/14/2019 # Exploit Author: RAMELLA Sebastien (githubcom/mekhalleh/) # Vendor Homepage: microsoftcom # Version: all affected RDP services by cve-2019-0708 # Tested on: Windows XP (32-bits) / Windows 7 (64-bits) # CVE : 2019-0708 # I ...

Mailing Lists

Microsoft Windows Remote Desktop BlueKeep denial of service exploit ...

Github Repositories

CVE-2019-0708 POC hit path for CVE-2019-0708 and create 31 channels

RDP Proof of Concept This is the proof of concept source code for CVE-2019-0708

CVE-2019-0708-POC cve-2019-0708 poc

CVE-2019-0708-PoC-Exploit CVE-2019-0708 PoC Exploit HI Kevin Beaumont (@GossiTheDog) ! :) Sorry, couldn't resist!

CVE-2019-0708-exp This repository is currently removed due to legal reasons

CVE-2019-0708-Vulnerability-Scanner PowerShell script to run and determine if a specific device has been patched for CVE-2019-0708. This checks to see if the termdd.sys file has been updated appropriately and is at a version level at or greater than the versions released in the 5/14/19 patches

RDS_CVE-2019-0708

cve-2019-0708 CVE-2019-0708 Exploit Tool Tool exploit Remote Desktop Service with CVE-2019-0708 Video Demo: www.youtube.com/watch?v=SCsJ9Uq3POk

cve-2019-0708 POC CVE-2019-0708 with python script! Video POC: www.youtube.com/watch?v=XVmCtUMELdU

CVE-2019-0708-Vulnerability-Scanner PowerShell script to run and determine if a specific device has been patched for CVE-2019-0708. This checks to see if the termdd.sys file has been updated appropriately and is at a version level at or greater than the versions released in the 5/14/19 patches. All termdd.sys versions were confirmed by Qualys www.qualys.com/research/secu

CVE-2019-0708 CVE-2019-0708 Scanner PoC by @JaGoTu and @zerosum0x0 In this repo A scanner fork of rdesktop that can detect if a host is vulnerable to CVE-2019-0708 Microsoft Windows Remote Desktop Services Remote Code Execution vulnerability It shouldn't cause denial-of-service, but there is no 100% guarantee across all vulnerable versions of the RDP stack over the year

CVE-2019-0708 vulnerability MSF batch inspection plugin

CVE-2019-0708-POC Usage instructions: IP format is IP:port, saved to ip.txt. cve-2019-0708.py 100 # threads

CVE-2019-0708 CVE-2019-0708 RCE Exploit using Python

CVE-2019-0708-EXPloit-3389 Remote Desktop (RDP) Services remote code execution vulnerability CVE-2019-0708

BlueKeepScan Simple wrapper over PoC from @zerosum0x0 for checking CVE-2019-0708 in large network in multithreading. Prepare: First of all you should download and install the original: git clone github.com/zerosum0x0/CVE-2019-0708.git cd CVE-2019-0708/rdesktop-fork-bd6aa6acddf0ba640a49834807872f4cc0d0a773/ ./bootstrap ./configure --disable-credssp --disable-smartcard make

CVE-2019-0708 Unauthenticated CVE-2019-0708 "BlueKeep" Scanner PoC by @JaGoTu and @zerosum0x0 Technical details: zerosum0x0.blogspot.com/2019/05/avoiding-dos-how-bluekeep-scanners-work.html Metasploit Module The Metasploit module has been pulled to rapid7:master msf5> use auxiliary/scanner/rdp/cve_2019_0708_bluekeep github.com/rapid7/metasplo

rdpscan for CVE-2019-0708 bluekeep vuln This is a quick-and-dirty scanner for the CVE-2019-0708 vulnerability in Microsoft Remote Desktop. Right now, there are about 900,000 machines on the public Internet vulnerable to this vulnerability, so many expect a worm soon like WannaCry and notPetya. Therefore, scan your networks and patch (or at least, enable NLA) on vulnerable s

CVE-2019-0708 Totally legitimate

detect_bluekeep.py Python script to detect bluekeep vulnerability - CVE-2019-0708 Work derived from the Metasploit module written by @zerosum0x0 github.com/zerosum0x0/CVE-2019-0708 Added: some RDP PDU annotations, decryption of the server traffic

CVE-2019-0708-Tool Sharing the tool after 50 Stars

CVE-2019-0708

Leaving for a wedding tomorrow, if I can't find anything then someone else take the reins. Going to drop the crash PoC here Friday if there isn't one public already. Maybe the following week, depending on if the vulnerable numbers drop consistently or not. vimeo.com/339425966 I'm not responsible for what you use this to accomplish and should only be used for e

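CVE-2019-0708-poc CVE-2019-0708 remote code execution vulnerability batch detection. 3389_hosts is the list of IP addresses to check, one per line. pool = ThreadPool(10) sets the custom number of scan threads. Note: Windows python3 environment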

CVE-2019-0708 Unauthenticated CVE-2019-0708 "BlueKeep" Scanner PoC by @JaGoTu and @zerosum0x0 Metasploit module PR: github.com/rapid7/metasploit-framework/pull/11869 In this repo A scanner fork of rdesktop that can detect if a host is vulnerable to CVE-2019-0708 Microsoft Windows Remote Desktop Services Remote Code Execution vulnerability It shouldn't

CVE-2019-0708 CVE-2019-0708 batch detection

cve-2019-0708.exe -i ip -s cmd You play basketball like cxk

CVE-2019-0708 A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests This vulnerability is pre-authentication and requires no user interaction An attacker who successfully exploited this vulnerabili

CVE-2019-0708 Goby support CVE-2019-0708 "BlueKeep" vulnerability check Respect to @JaGoTu and @zerosum0x0 ScreenShots

CVE-2019-0708 Proof of concept exploit for CVE-2019-0708 Coming soon areusecurese?CVE-2019-0708

CVE-2019-0708 PoC exploit for BlueKeep (CVE-2019-0708) Usage: ./PoC.py [TARGET IP] [PORT](defaults to 3389)

CVE-2019-0708 CVE-2019-0708

CVE-2019-0708 CVE-2019-0708 batch blue-screen prank

CVE-2019-0708-exploit-RCE

CVE-2019-0708 CVE-2019-0708 PoC Exploit on Windows Release tool exploit via C#, Python Script Infected: Windows XP (All) Windows 2003 (All) Windows 7 SP 1 (32 And 64 Bit) Windows Server 2008 Windows Server 2008 R2 Video POC: wwwyoutubecom/watch?v=SCsJ9Uq3POk Download: cve-2019-0708com Contact: Email: cve20190708@gmailcom Skype: live:cve20190708 Website:

CVE-2019-0708-poc Updating the EXP at the earliest opportunity; waiting for the experts to update

bluekeep_CVE-2019-0708_poc_to_exploit Porting BlueKeep PoC from @Ekultek to actual exploits

CVE-2019-0708 Big shout out to the Dox King Krebs and also the thief of inventions and all-purpose fraud, Kevin www.youtube.com/watch?v=dQw4w9WgXcQ

Bluekeep PoC This repo contains research concerning CVE-2019-0708. Bluekeep or CVE-2019-0708 is an RCE exploit that affects the following versions of Windows systems: Windows 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2. The vulnerability occurs during pre-authorization and has the potential to run arbitrary malicious code in the NT Author

CVE-2019-0708-PoC Windows RPD Exploit Psych

CVE-2019-0708-exp

CVE-2019-0708-Exploit Using CVE-2019-0708 to Locally Promote Privileges in Windows 10 System

RDS_CVE-2019-0708

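CVE-2019-0708-poc CVE-2019-0708 remote code execution vulnerability batch detection. 3389_hosts is the list of IP addresses to check, one per line. pool = ThreadPool(10) sets the custom number of scan threads. Note: Windows python3 environment. Usage: edit 3389_hosts and write the IP addresses to check into the file, one per line. On the command line, change to the directory containing the code and run python cve-2019-0708.py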

CVE-2019-0708-PoC-Hitting-Path Really Really Bad, don't judge this code hahaha (it's terrible) It's only hitting vulnerable path in termdd.sys!!! NOT DOS Tested only on Windows XP Sp3 x86, Windows 7 will need negotiation part probably so it won't work (I hope that work at all) Maybe it will be useful for exploit development

CVE-2019-0708 From Infiniti Team - VinCSS

CVE-2019-0708 sup pry0cc :3

66 61 74 74 2e fingerprint all the things! More info about the fingerprinting methods, sample use-cases and research results will be added to the repo soon Stay tuned! A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files (pcap) or live network traffic The main use-case is for monitoring honeypots, but you can also use it

CVE-2019-0708-PoC-Hitting-Path Really Really Bad, don't judge this code hahaha (it's terrible) It's only hitting vulnerable path in termdd.sys!!! NOT DOS Tested only on Windows XP Sp3 x86 Maybe it will be useful for exploit development

BKScan BlueKeep (CVE-2019-0708) scanner that works both unauthenticated and authenticated (i.e. when Network Level Authentication (NLA) is enabled). Requirements: A Windows RDP server. If NLA is enabled on the RDP server, a valid user/password that is part of the "Remote Desktop Users" group. It is based on FreeRDP and uses Docker to ease compilation/execution. It sho

CVE-2019-0708-PoC CVE-2019-0708-PoC We are working for a fully functional exploit

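CVE-2019-0708-Batch-Blue-Screen A rewrite of the 0708 blue-screen script written by a certain expert, changed to blue-screen a network segment in batch. Usage: python3 pocpy 19216820 64 batch blue-screen attack against all hosts 1-255 in the 19216820 network segment. Modify it according to your own network segment.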

CVE-2019-0708 Unauthenticated CVE-2019-0708 "BlueKeep" Scanner PoC by @JaGoTu and @zerosum0x0 Metasploit module PR: github.com/rapid7/metasploit-framework/pull/11869 In this repo A scanner fork of rdesktop that can detect if a host is vulnerable to CVE-2019-0708 Microsoft Windows Remote Desktop Services Remote Code Execution vulnerability It shouldn't

CVE-2019-0708 PoC Shellcode only tested on x86 versions of Windows thus far Be responsible and only use this with good intentions

CVE-2019-0708 A Win7 RDP exploit

CVE-2019-0708 Exploit In Progress

CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests This vulnerability is pre-authentication and requires no user in

CVE-2019-0708 Our website:buyexploitcom CVE-2019-0708 Remote Code Execute Exploit Support:WINXP/WIN7/WIN2K3/WIN2K8/WIN2K8R2 Mail To :buyexploit@protonmailcom website:buyexploitcom Buy the Exploit please visit website:wwwbuyexploitcom youtube/vxgB5qZ_OEs

CVE-2019-0708 CVE-2019-0708 cssxn Remember this person's filthy mouth. Yes, it was a joke yesterday. Have fun

CVE-2019-0708 CVE-2019-0708

CVE-2019-0708 POC Exploitation of CVE-2019-0708

CVE-2019-0708 PoC about CVE-2019-0708 (RDP; Windows 7, Windows Server 2003, Windows Server 2008)

CVE-2019-0708 Unauthenticated CVE-2019-0708 "BlueKeep" Scanner PoC by @JaGoTu and @zerosum0x0 Technical details: zerosum0x0.blogspot.com/2019/05/avoiding-dos-how-bluekeep-scanners-work.html Metasploit Module The Metasploit module has been pulled to rapid7:master msf5> use auxiliary/scanner/rdp/cve_2019_0708_bluekeep github.com/rapid7/metasplo

SwitHak Who am I? Hello, I am a French #security professional interested in #cybersecurity issues and other content related to the previous theme! Spoken languages: EN, FR. My motto: No system is truly secure; if the attacker has time and resources, he can compromise your information system! Social: You can find me on Twitter: @SwitHak My Work CVE-2019-0708 aka BlueKee

CVE-2019-0708 Pls how 2 hak? i wud liek free esploit thx

Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit This script is written to improve this PoC script: github.com/zerosum0x0/CVE-2019-0708. The rdesktop binary was taking too long to time out, so I want it to time out quicker. Multiple IP scan was not possible; now you can scan a given IP list. Example Run: python3 script.py rdesktop rdp_ip_list -o vuln_ips For further information please

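CVE-2019-0708-EXPloit Collection of the latest EXPs, for development and testing only; do not use for commercial purposes or illegal testing; you bear any consequences yourself.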

cve-2019-0708-exp Exp from Korea I think you'll like it

CVE-2019-0708 PoC Shellcode only tested on x86 versions of Windows thus far Be responsible and only use this with good intentions

CVE-2019-0708 Blue-screen PoC. Leaving for a wedding tomorrow, if I can't find anything then someone else take the reins. Going to drop the crash PoC here Friday if there isn't one public already. Maybe the following week, depending on if the vulnerable numbers drop consistently or not. vimeo.com/339425966 I'm not responsible for what you use this to accomplish and s

bluekeep_CVE-2019-0708_poc_to_exploit Porting BlueKeep PoC from @Ekultek to actual exploits The shell codes in the script don't work at the moment

CVE-2019-0708 0708Lppy is a blue-screen attack program written to exploit CVE2019-0708. How to operate: www.bilibili.com/video/av57978943

CVE-2019-0708 Windows 'Wormable' RDP PoC youtube/iQkbwhHfohY

CVE-2019-0708-POC

cve-2019-0708-2

CVE-2019-0708 Dedicated vulnerability Nessus detection plugin

CVE-2019-0708 Blank repo, promise not a troll, just research

The person who started this is a cheater Everyone is careful There will be no reply after this person collects Bitcoin Cheater information Website cve-2019-0708com Mail cve20190708@gmailcom Skype live: cve20190708

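title: CVE-2019-0708 batch detection. This batch detection is based on the non-destructive detection tool publicly released by 360 (0708detectorexe) and has the following functions: single detection, batch detection. Double-click 0708detector-全自动批量版exe to use it! Batch detection supports a custom list of IPs to check and a custom storage location for the set of vulnerable IPs. One drawback of batch detection is that it uses a single thread; when the number of target IPs is particularly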

CVE-2019-0708 Waiting for reliable code to create vuln scanner

PoC-CVE-2019-0708 A WiP PoC for CVE 2019-0708

Infosec Resources Collection of resources related to infosec. All files, articles or anything here were publicly available, and collected for personal use. Tools available at GitHub were forked for archiving. Please always refer to the original repo when available. Tools: Vulnerability Scanners: Windows: Rdpscan - Scanner PoC for CVE-2019-0708 RDP RCE vuln - github.com/cgo

Script to download and install the Microsoft (KB4499175) security fix for CVE-2019-0708. THE KB REQUIRES A REBOOT. ATTENTION CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 A remote code execution vulnerability exists in Remot

testwstestest

CVE-2019-07-08-ExPlOiT-hack-the-planet POC CVE-2019-07-08 for destroy the world!!1 Usage: git clone github.com/shumtheone/CVE-2019-07-08-ExPlOiT-hack-the-planet cd CVE-2019-07-08-ExPlOiT-hack-the-plan ./CVE-2019-07-08.sh enjoy!

Recent Articles

BlueKeep patching isn’t progressing fast enough
welivesecurity • Tomáš Foltýn • 17 Jul 2019

As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations to patch the critical flaw post-haste.
The tally, released today by cybersecurity ratings company BitSight, also shows that the number of vulnerable public-facing machines fell by 17 percent between May 31st and July 2nd, after the firm’s previous estima...

Wormable BlueKeep Bug Still Threatens Legions of Windows Systems
Threatpost • Tara Seals • 17 Jul 2019

For the past two months, security researchers have been sounding the alarm about BlueKeep, a critical remote code-execution vulnerability in Microsoft Windows that researchers said could lead to a “mega-worm” global infection. As of July 2, approximately 805,665 systems remain online that are vulnerable to BlueKeep, according to a status update.
The number of susceptible systems represents a decrease of 17.18 percent (167,164 systems) compared to May 31, including 92,082 systems which ...

BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks
BleepingComputer • Ionut Ilascu • 21 Jun 2019

The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue.
BlueKeep exists in the Remote Desktop Protocol (RDP) on older Windows releases that are still supported (Windows 7, Windows Server 2008 R2, and Windows Server 2008) as well as on OS versions that reached end-of-life status (Windows XP, Windows Server 2003).
...

Working BlueKeep Exploit Developed by DHS
Threatpost • Lindsey O'Donnell • 18 Jun 2019

The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible.
The alert heightens concerns that malicious actors could soon also develop their own exploits of the BlueKeep flaw. The critical remote code execution vulnerability (CVE-2019-0708), though fixed during Microsoft’s May Patch Tuesday Security Bulletin, cont...

U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert
BleepingComputer • Sergiu Gatlan • 17 Jun 2019

The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw known as BlueKeep.
The Department of Homeland Security's CISA says in the alert issued today that it has achieved remote code execution on a computer running a vulnerable version of Windows 2000.
This is the fourth warning for users to patch or upgrade their systems after two others from Microsoft [1, 2] a...

Finding Windows Systems Affected by BlueKeep Remote Desktop Bug
BleepingComputer • Lawrence Abrams • 11 Jun 2019

On last month's Patch Tuesday, Microsoft announced that a vulnerability in Remote Desktop Services was discovered that could allow a wormable malware, such as a ransomware, to easily propagate through vulnerable systems.
This vulnerability, now known as BlueKeep, was given the unique ID of CVE-2019-0708 and affects Windows 7, Windows 2008 R2, Windows Server 2008, Windows XP, and Windows Server 2003. Due to its severity, Microsoft released patches for all supported versions of Windows as we...

Forget BlueKeep: Beware the GoldBrute
Threatpost • Tara Seals • 07 Jun 2019

While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now.
In the past few days, GoldBrute (named after the Java class it uses) has attempted to brute-force Remote Desktop Protocol (RDP) connections for 1.5 million Windows systems and counting, according to Morphus Labs chief research officer Renato Ma...

NSA joins chorus urging Windows users to patch ‘BlueKeep’
welivesecurity • Tomáš Foltýn • 06 Jun 2019

The United States’ National Security Agency (NSA) has issued a rare alert urging Windows users and administrators to waste no time in patching the critical ‘BlueKeep’ security flaw in older Windows systems.
“This is the type of vulnerability that malicious cyber actors frequently exploit through the use of software code that specifically targets the vulnerability,” reads the NSA’s advisory.
It also specifically highlights BlueKeep’s ‘wormable’ nature and draws paral...

BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover
Threatpost • Tara Seals • 05 Jun 2019

A researcher has created a proof-of-concept Metasploit module for the critical BlueKeep vulnerability, which successfully demonstrates how to achieve complete takeover of a target Windows machine.
Reverse engineer Zǝɹosum0x0 tweeted about his success on Tuesday, noting that he plans to keep the module private given the danger that a working exploit could pose to the vast swathe of unpatched systems out there. He also released a video showing a remote code-execution (RCE) exploit working ...

MetaSploit Module Created for BlueKeep Flaw, Private for Now
BleepingComputer • Ionut Ilascu • 05 Jun 2019

A researcher has created a module for the Metasploit penetration testing framework that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution.
BlueKeep is a critical flaw in Remote Desktop Services that affects Windows 7 and Server 2008, as well as the unsupported Windows XP and Server 2003.
It is tracked as CVE-2019-0708 and Microsoft released a fix for it on May 14. A micropatch is available, too, for sy...

Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions
BleepingComputer • Ionut Ilascu • 04 Jun 2019

A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer.
The flaw can be exploited to bypass the lock screen of a Windows machine, even when two-factor authentication (2FA) mechanisms such as Duo Security MFA are used. Other login banners an organization may set up are also bypassed.
The issue is now tracked as CVE-2019-9510 and is described as an authentication bypass using a...

Microsoft Warns Users Again to Patch Wormable BlueKeep Flaw
BleepingComputer • Sergiu Gatlan • 31 May 2019

Microsoft issued a second warning for users of older Windows releases to patch their systems to block potential attackers from abusing the critical Remote Desktop Services (RDS) remote code execution vulnerability dubbed BlueKeep.
The first time, Microsoft issued a security fix designed to protect Windows computers running vulnerable RDS installations and block any malware capable of exploiting the flaw tracked as CVE-2019-0708 and of propagating between unpatched machines.
This sec...

Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable
The Register • Shaun Nichols in San Francisco • 28 May 2019

If you haven't patched CVE-2019-0708 aka BlueKeep, then, well, now would be a good time

The critical Windows Remote Desktop flaw that emerged this month may have set the stage for the worst malware attack in years.
The vulnerability, designated CVE-2019-0708 and dubbed BlueKeep, can be exploited by miscreants to execute malicious code and install malware on vulnerable machines without the need for any user authentication: a hacker simply has to be able to reach the box across the internet or network in order to commandeer it.
It is said to be a "wormable" security hole ...

One Million Devices Open to Wormable Microsoft BlueKeep Flaw
Threatpost • Lindsey O'Donnell • 28 May 2019

One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released.
The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this month. System administrators were urged to immediately deploy fixes as the flaw could pave the way for a similar rapidly-propagating attack on the scale of WannaCry.
Despite that, researchers on Tuesday warned that one milli...

BlueKeep RCE Flaw Gets Micropatch for Always-On Servers
BleepingComputer • Sergiu Gatlan • 24 May 2019

The 0patch platform issued a fix for the Remote Desktop Services RCE vulnerability known as BlueKeep, in the form of a 22 instructions micropatch which can be used to protect always-on servers against exploitation attempts.
The critical software flaw tracked as CVE-2019-0708 and present in both in-support (Windows Server 2008 and Windows 7) and out-of-support (Windows 2003 and Windows XP) was already patched by Microsoft on May 14, after the vulnerability was disclosed.
However, unl...

Patch now! Why the BlueKeep vulnerability is a big deal
welivesecurity • Ondrej Kubovič • 22 May 2019

Remember the panic that hit organizations around the world on May 12th, 2017 when machine after machine displayed the WannaCryptor ransom screen? Well, we might have a similar incident on our hands in the coming days, weeks or months if companies don’t update or otherwise protect their older Windows systems right away. The reason is BlueKeep, a ‘wormable’ critical Remote Code Execution (RCE) vulnerability in Remote Desktop Services that could soon become the new go-to vector for spreading ...

Researchers Demo PoC For Remote Desktop BlueKeep RCE Exploit
BleepingComputer • Sergiu Gatlan • 22 May 2019

A proof-of-concept remote code execution (RCE) exploit for the wormable BlueKeep vulnerability tracked as CVE-2019-0708 has been demoed by security researchers from McAfee Labs.
Microsoft issued a security fix on May 14 to patch the critical vulnerability on both out-of-support and in-support Windows version, describing the bug as capable to allow malware to self-propagate between vulnerable Windows machines, just "as the WannaCry malware spread across the globe in 2017." 
The ...

Sophos tells users to roll back Microsoft's Patch Tuesday run if they want PC to boot
The Register • Gareth Corfield • 20 May 2019

Yes, the one with the critical security fixes

Brit security software slinger Sophos has advised its customers to uninstall Microsoft's most recent Patch Tuesday run – the same patches that protect servers against the latest Intel cockups.
In an advisory note published over the weekend, Sophos admitted the latest batch of Windows updates are causing the machines of some people using its AV wares to hang on boot, getting stuck while displaying the line "Configuring 30%".
"We have currently only identified the issue on some custo...

BlueKeep Remote Desktop Exploits Are Coming, Patch Now!
BleepingComputer • Ionut Ilascu • 20 May 2019

Update [05.21.2019]: Using information from their research and from public scripts, security professionals at NCC Group have created a network detection rule for CVE-2019-0708. After testing with Suricata IDS/IPS, NCC Group made it publicly available.
Security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed BlueKeep, and hackers may not be far behind.
While the vulnerability i...

Microsoft Patch Tuesday – May 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 15 May 2019

This month the vendor has patched 79 vulnerabilities, 22 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintai...

Microsoft emits free remote-desktop security patches for WinXP to Server 2008 to avoid another WannaCry
The Register • Iain Thomson in San Francisco • 15 May 2019

Plus plenty of other fixes from Redmond and Adobe – and special guest star Citrix

Patch Tuesday It’s that time of the month again, and Microsoft has released a bumper bundle of security fixes for Patch Tuesday, including one for out-of-support operating systems Windows XP and Server 2003.
Usually support for such aging operating systems costs an arm and a leg, though Redmond has released a freebie because of the serious nature of the critical flaw, assigned CVE-2019-0708, in Remote Desktop Services, or Terminal Services as it was. The vulnerability allows remote code ...

Microsoft Patches Zero-Day Bug Under Active Attack
Threatpost • Tom Spring • 14 May 2019

Microsoft has released a patch for an elevation-of-privileges vulnerability rated important, which is being exploited in the wild.
The bug fix is part of Microsoft’s May Patch Tuesday Security Bulletin. It’s tied to the Windows Error Reporting feature and is being abused by attackers who have gained local access to affected PCs. They are able to trigger arbitrary code-execution in kernel mode — resulting in a complete system compromise.
“They would need to first gain access t...

Microsoft Fixes Critical Remote Desktop Flaw, Blocks Worm Malware
BleepingComputer • Sergiu Gatlan • 14 May 2019

Microsoft patched today a critical Remote Code Execution (RCE) vulnerability found in the Remote Desktop Services (RDS) platform which can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations.
According to Microsoft's Windows IT Pro Center, "Remote Desktop Services (RDS) is the platform of choice for building virtualization solutions for every end customer need, including delivering individual virtualized applications, p...