Microsoft has released security updates to patch this vulnerability. MitigationsĬISA encourages users and administrators review the Microsoft Security Advisory and the Microsoft Customer Guidance for CVE-2019-0708 and apply the appropriate mitigation measures as soon as possible: ĬISA has coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep. This exploit, which requires no user interaction, must occur before authentication to be successful.īlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.
After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights viewing, changing, or deleting data or installing programs.
An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.Īccording to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled. Indian Computer Emergency Response Team - CERT-In, Ministry of Electronics and Information Technology, Government of India.BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. Ministry of Electronics and Information Technology Indian Computer Emergency Response Team (CERT-In) Contact InformationĮmail: Phone: +91-11-24368572 Postal address The information provided herein is on "as is" basis, without warranty of any kind. Microsoft does not normally give patches for out-of-support OSes but made an exception because of the criticality of the vulnerability. Out of Support Windows OSes (Windows XP, Windows 2003): Apply appropriate patches to patch your OS (and strongly recommended to upgrade).
Solution Apply appropriate fix as mentioned in Microsoft Security Advisory Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code and compromise the target system completely. Hence, these vulnerabilities could create a worm, which could lead to propagation of any future malware exploiting the vulnerabilities from one computer to another (Similar to Wannacry ransomware). These vulnerabilities are pre-authentication and does not require any user interaction.
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target systems Remote Desktop Service via RDP. Overview Three vulnerabilities have been reported in Microsoft Windows Remote Desktop Services which could be exploited by a remote attacker to execute remote code on the targeted system.ĭescription These vulnerabilities aka BlueKeep exists in the Microsoft Remote Desktop Services due to improper handling of connection requests. Windows Server, version 1903 (Server Core installation).Windows Server, version 1803 (Server Core Installation).Windows Server 2019 (Server Core installation).Windows Server 2016 (Server Core installation).Windows Server 2012 R2 (Server Core installation).Windows Server 2012 (Server Core installation).Windows Server 2008 R2 for 圆4-based Systems Service Pack 1 (Server Core installation).Windows Server 2008 R2 for 圆4-based Systems Service Pack 1.Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1.