BlueKeep (CVE-2019-0708)

BlueKeep is a pre-authentication heap overflow in Microsoft Remote Desktop Services on legacy Windows versions, with worm potential comparable to EternalBlue.

Definition

BlueKeep (CVE-2019-0708) is a pre-authentication heap-corruption vulnerability in Microsoft Remote Desktop Services (RDP) on Windows XP, Windows 7, Server 2003, and Server 2008. The vulnerability is "wormable" — exploitation requires no authentication and no user interaction — and Microsoft took the unusual step of issuing patches for already-EOL operating systems given the severity.

Impact

Unauthenticated remote code execution on any host exposing RDP to the internet, with worm potential (no credentials or user interaction needed, so a compromised host can scan for and infect further hosts).

Mitigation

Apply the May 2019 patches. Disable RDP where it is not needed. Require Network Level Authentication (NLA), which forces the client to authenticate before a session is established and so blocks unauthenticated access to the vulnerable code path.
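The following is an added example, not part of the original entry, showing how a defender can audit a Windows host for the two configuration mitigations above (RDP disabled, NLA required) and enforce NLA where it is missing. It assumes an elevated PowerShell session and uses the standard Terminal Server registry keys and the Win32_TSGeneralSetting WMI class; the version threshold used to flag legacy hosts is an assumption based on the OS list in the definition above.

```powershell
# Added example (not from the original entry): audit and enforce the
# configuration mitigations for BlueKeep on the local host.
# Assumes: elevated PowerShell 3+, Windows host.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RdpExposure {
    # fDenyTSConnections = 1 means Remote Desktop is switched off at OS level.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
                -ErrorAction SilentlyContinue).fDenyTSConnections
    # UserAuthentication = 1 means NLA is required, so the pre-auth
    # RDP code path that BlueKeep abuses is not reachable anonymously.
    $nla  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication `
                -ErrorAction SilentlyContinue).UserAuthentication
    # Assumption: the affected releases listed above (XP, 7, 2003, 2008)
    # all report kernel versions below 6.2, so flag those as legacy.
    $osVer = [version](Get-WmiObject Win32_OperatingSystem).Version
    $legacy = $osVer -lt [version]'6.2'

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSVersion        = $osVer
        LegacyOS         = $legacy
        RdpEnabled       = ($deny -ne 1)
        NlaRequired      = ($nla -eq 1)
        # Only hosts with RDP on and NLA off expose the pre-auth surface.
        PreAuthReachable = ($deny -ne 1) -and ($nla -ne 1)
    }
}

function Enable-RdpNla {
    # Same effect as ticking "Allow connections only from computers running
    # Remote Desktop with Network Level Authentication" in System Properties.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
            -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $ts.SetUserAuthenticationRequired(1) | Out-Null
}

$state = Get-RdpExposure
$state | Format-List
if ($state.PreAuthReachable) {
    Write-Warning 'RDP is reachable without NLA; enforcing NLA now.'
    Enable-RdpNla
}
if ($state.LegacyOS) {
    Write-Warning 'Legacy OS: confirm the May 2019 RDS patch is installed.'
}
```

Run it across a fleet with Invoke-Command to produce one row per host; any host reporting PreAuthReachable = True on a legacy OS should be patched or have RDP disabled first.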
