By Jordan Shifflett
A security update published on May 14 fixes a vulnerability in Microsoft’s Remote Desktop Services.
The vulnerability, CVE-2019-0708, known as BlueKeep, allows remote code execution through the Remote Desktop Protocol (RDP) built into supported versions of the Windows operating system. Affected operating systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. The vulnerability also exists in older, unsupported versions such as Windows XP, Vista and Windows 2003.
The National Vulnerability Database rates BlueKeep 9.8/10 (CRITICAL), with an impact score of 5.9 and an exploitability score of 3.9.
According to Microsoft, this vulnerability occurs “when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The important part to note here is that this attack can be carried out without any credentials to the targeted system.
The patch for this vulnerability corrects how Remote Desktop Services handles connection requests. All of our customers should be aware of the patch, especially those who may have RDP open to the internet.
We advise that patching be done immediately on vulnerable systems. If you have any questions, please contact the LRS IT Solutions Security team.
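To check a single machine against the advice above, the following PowerShell function is an added example, not part of the original advisory and not an LRS or Microsoft tool. It reports whether the local host runs one of the affected Windows versions listed in this article and whether Remote Desktop is enabled. The function name and the `-PatchKb` parameter are assumptions, and the KB number has to come from Microsoft's advisory because this article does not list one.

```powershell
# Added example, not from the original article: local triage for CVE-2019-0708.
# Runs on Windows PowerShell 2.0 or later. Assumption: -PatchKb is the KB number
# Microsoft lists for this OS; the article gives none, so none is hard-coded.
function Test-BlueKeepExposure {
    param([string]$PatchKb)

    # Kernel versions of the affected releases named in the article:
    # 5.1 = XP, 5.2 = Server 2003, 6.0 = Vista / Server 2008, 6.1 = 7 / Server 2008 R2
    $affectedVersions = '5.1', '5.2', '6.0', '6.1'

    $os = Get-WmiObject -Class Win32_OperatingSystem
    $majorMinor = ($os.Version -split '\.')[0..1] -join '.'
    $affectedOs = $affectedVersions -contains $majorMinor

    # fDenyTSConnections = 0 means Remote Desktop connections are accepted.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue
    $rdpEnabled = ($ts -ne $null) -and ($ts.fDenyTSConnections -eq 0)

    # The listener port is configurable; 3389 is only the default.
    $rdpTcp = Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -ErrorAction SilentlyContinue
    $port = if ($rdpTcp) { $rdpTcp.PortNumber } else { $null }

    # Patch check runs only when a KB id is supplied. A later rollup that
    # supersedes that KB will not match by id, so "not found" means "verify".
    $patchFound = $null
    if ($PatchKb) {
        $patchFound = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)
    }

    if (-not $affectedOs) { $status = 'Not an affected OS version' }
    elseif ($patchFound)  { $status = 'Affected OS, update found' }
    elseif ($rdpEnabled)  { $status = 'Patch first: affected OS, RDP enabled, update not confirmed' }
    else                  { $status = 'Patch: affected OS, RDP disabled, update not confirmed' }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; OS = $os.Caption; Version = $os.Version
        RdpEnabled = $rdpEnabled; RdpPort = $port; PatchFound = $patchFound; Status = $status
    }
}

Test-BlueKeepExposure | Format-List
# With a KB id (placeholder shown): Test-BlueKeepExposure -PatchKb 'KB0000000'
```

The result only describes the local configuration. Whether the RDP port is reachable from the internet depends on firewall and network rules that this check does not inspect.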
About the author
Jordan Shifflett is an Information Security Specialist with LRS IT Solutions. Jordan recently joined our security team after receiving a Bachelor of Science in Information Assurance and Security from Illinois State University.