Vulnerability Details: CVE-2019-0708
Public exploit exists!
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Vulnerability category: Execute code
CVE-2019-0708 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Remote Desktop Services Remote Code Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description:
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerabil
Added on: 2021-11-03
Action due date: 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2019-0708
Probability of exploitation activity in the next 30 days: 97.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2019-0708
- CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
  Disclosure Date: 2019-05-14
  First seen: 2020-04-26
  auxiliary/scanner/rdp/cve_2019_0708_bluekeep
  This module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts. It can optionally trigger the DoS vulnerab
- CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
  Disclosure Date: 2019-05-14
  First seen: 2020-04-26
  exploit/windows/rdp/cve_2019_0708_bluekeep_rce
  The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed ch
CVSS scores for CVE-2019-0708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2019-0708
- Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-0708
- http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
  Microsoft RDP Remote Code Execution ≈ Packet Storm
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
  Third Party Advisory
- http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
  Microsoft Windows Remote Desktop BlueKeep Denial Of Service ≈ Packet Storm
  Third Party Advisory; VDB Entry
- http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
  BlueKeep RDP Remote Windows Kernel Use-After-Free ≈ Packet Storm
- https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
  Third Party Advisory
- http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
  Microsoft Windows RDP BlueKeep Denial Of Service ≈ Packet Storm
- https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
  Third Party Advisory
- http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
  Microsoft Windows 7 (x86) BlueKeep RDP Use-After-Free ≈ Packet Storm
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
  Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows Systems
  Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
  Third Party Advisory
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
  Security Notice - Statement on Microsoft Remote Code Execution Vulnerability(CVE-2019-0708)
  Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
  Third Party Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
  Third Party Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
  CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
  Patch; Vendor Advisory
Products affected by CVE-2019-0708
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*