Security Team Intelligence
Trending CVEs for the Week of May 20th, 2019
- May 22, 2019
- Michael Tucker
CVE-2019-0708 – BlueKeep – Wormable RDP Vulnerability
NopSec advises you to apply patches immediately.
Description
CVE-2019-0708 is a critical remote code execution vulnerability which exist in Remote Desktop Services – formerly known as Terminal – when an unauthenticated attacker connects to the target system using Remote Desktop Protocol (RDP).
Affected Operating Systems
- Windows 2003
- Windows XP
- Windows 7
- Windows Server 2008
- Windows Server 2008 R2
Exploitation and Risk
It has been noted that the security flaw is “wormable”, meaning an exploit can be used to infect other devices on far more networks, There is a high chance of a spreading due to systems using default passwords or no passwords.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
According to the Microsoft Advisory, the issue was serious enough that it led to Remote Code Execution and was wormable flaw, meaning it could spread automatically on unprotected systems. That is why Microsoft released patches even for out-of-the support versions Windows 2003 & XP.
Fixes
Due to the severity of CVE-2019-0708, we suggest you to apply patches immediately from Microsoft Security Guide.
If you can’t apply the patch immediately, you can take the following steps:
- Disable RDP from outside of your network and limit it internally, if not required
- Block TCP port 3389 at the firewall
- Enable Network Level Authentication (NLA)
However, NopSec strongly suggests you to apply patches immediately.
