Quick Summary
A critical flaw affecting Remote Desktop Protocol (RDP) in multiple versions of Microsoft Windows has recently been discovered. Both Microsoft and the Department of Homeland Security strongly urge all customers running affected operating systems to make sure their systems are patched immediately by running Windows Updates.
The BlueKeep (CVE-2019-0708) Vulnerability
BlueKeep (AKA CVE-2019-0708), quoted from Microsoft:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system's Remote Desktop Service via RDP. The patch for this vulnerability addresses the issue by correcting how Remote Desktop Services handles connection requests.
Affects The Following Operating Systems
- Windows 2000
- Windows Vista
- Windows XP
- Windows 7
- Windows Server 2003
- Windows Server 2003R2
- Windows Server 2008
- Windows Server 2008R2
NOTE: Windows Server 2012 and higher, Windows 8 and higher (including Windows 10) are not affected by this vulnerability.
Exception(s):
There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
Manually Patching
The following links offer downloadable hotfixes for manually patching just this vulnerability.
Windows XP, Server 2003, Server 2003R2 and Vista:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
For details or WSUS deployments, reference KB4500331 and KB4499180.
Category: Security Updates, Critical, Remote Code Execution
Windows 7, Server 2008 And Server 2008R2:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
For details or WSUS deployments, reference KB4499175, KB4499164, KB4499149 and KB4499180.
Category: Security Updates, Critical, Remote Code Execution
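As an added example, not part of this advisory or of Microsoft's guidance: a PowerShell check an administrator can run on a host to see whether it falls in the affected range, whether one of the KBs referenced above is installed, and whether the NLA partial mitigation is enforced on the RDP listener. The KB list is taken from the WSUS references above; the registry values used are the standard Terminal Server settings, and the function name is my own.

```powershell
# Added example (not from this advisory, DNS Texas or Microsoft). Reports whether the
# OS is in BlueKeep (CVE-2019-0708) scope, whether one of the hotfixes referenced above
# is installed, and whether NLA is enforced on the RDP-Tcp listener.
# Run in an elevated PowerShell 2.0 or later session on the host being checked.

# KB numbers are the ones this advisory lists for WSUS deployments.
$BlueKeepKBs = @('KB4499175', 'KB4499164', 'KB4499149', 'KB4499180', 'KB4500331')

function Test-BlueKeepExposure {
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [Version]$os.Version
    # Affected range per the advisory: Windows 2000 (5.0) through
    # Windows 7 / Server 2008 R2 (6.1). Windows 8 / Server 2012 (6.2) and later are not.
    $inScope = ($ver.Major -lt 6) -or ($ver.Major -eq 6 -and $ver.Minor -le 1)

    # Get-HotFix reads Win32_QuickFixEngineering, the store Windows Update populates.
    $installed = @(Get-HotFix | Where-Object { $BlueKeepKBs -contains $_.HotFixID } |
                   ForEach-Object { $_.HotFixID })

    # UserAuthentication=1 on RDP-Tcp means NLA: the client must authenticate before
    # the session is set up, which is the partial mitigation described above.
    # fDenyTSConnections=1 means Remote Desktop is switched off entirely.
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $rdpDisabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections -eq 1
    $nlaRequired = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication -eq 1

    if (-not $inScope)              { $status = 'Not affected: OS version outside the advisory scope' }
    elseif ($installed.Count -gt 0) { $status = 'Patched: ' + ($installed -join ', ') }
    elseif ($rdpDisabled)           { $status = 'UNPATCHED, RDP disabled: exposure limited, still patch' }
    elseif ($nlaRequired)           { $status = 'UNPATCHED, NLA enforced: partial mitigation only, patch now' }
    else                            { $status = 'UNPATCHED, RDP reachable without NLA: patch immediately' }

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        OS          = $os.Caption
        Version     = $ver.ToString()
        InScope     = $inScope
        HotfixIDs   = ($installed -join ', ')
        RDPDisabled = $rdpDisabled
        NLARequired = $nlaRequired
        Status      = $status
    }
}

Test-BlueKeepExposure | Format-List
```

Get-HotFix depends on Win32_QuickFixEngineering, which on older systems can omit updates installed through some channels, so treat a missing KB as a prompt to confirm via Windows Update history rather than as proof of exposure. Windows 2000 has no PowerShell, so those hosts still need the manual patching guidance above.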
DNS Texas Specific -> Additional Note(s)
Customers whose Windows Updates are managed by DNS Texas first received these patches starting Sunday, Jun 9 2019. The second round of updates was released today (Tuesday, Jun 18 2019) for all affected Windows 7, Windows 8, Server 2003 and Server 2008 operating systems. If you still have Windows 2000, XP or Vista in your environment, you should manually patch using the guides above.
Tags: #microsoft #bluekeep #securityalerts #security #patch #windows