BlueKeep (CVE-2019-0708)
BlueKeep is a pre-authentication heap overflow in Microsoft Remote Desktop Services on legacy Windows versions, with worm potential comparable to EternalBlue.
Definition
BlueKeep (CVE-2019-0708) is a pre-authentication heap-corruption vulnerability in Microsoft Remote Desktop Services (RDP) on Windows XP, Windows 7, Server 2003, and Server 2008. The vulnerability is "wormable" — exploitation requires no authentication and no user interaction — and Microsoft took the unusual step of issuing patches for already-EOL operating systems given the severity.
Impact
Pre-authentication remote code execution (RCE) on internet-facing RDP; worm potential.
Mitigation
Apply the May 2019 patches. Disable RDP where not needed. Require Network Level Authentication (NLA).
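One way to check the last two mitigations on a single host, as an added example that is not part of the original entry. It reads the standard Terminal Services registry values `fDenyTSConnections` and `UserAuthentication`, assuming a Group Policy value overrides the local one; the helper names are hypothetical, and patch level is not checked.

```powershell
# Added example: report whether RDP is enabled and whether NLA is required
# on the local host. Uses only PowerShell 2.0 syntax so it also runs on
# Windows 7 / Server 2008.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {            # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-EffectiveSetting {    # hypothetical helper name
    param([string]$Name, [string]$LocalPath)
    # Assumption: a value set by Group Policy overrides the local one.
    $value  = Get-RegValue -Path $policy -Name $Name
    $source = 'GroupPolicy'
    if ($null -eq $value) {
        $value  = Get-RegValue -Path $LocalPath -Name $Name
        $source = 'Local'
    }
    New-Object PSObject -Property @{ Value = $value; Source = $source }
}

$deny = Get-EffectiveSetting -Name 'fDenyTSConnections' -LocalPath $ts
$nla  = Get-EffectiveSetting -Name 'UserAuthentication' -LocalPath $rdpTcp

$rdpEnabled  = ($deny.Value -eq 0)   # 0 = remote connections allowed
$nlaRequired = ($nla.Value -eq 1)    # 1 = NLA required before a session is created

if (-not $rdpEnabled) {
    $finding = 'RDP disabled'
} elseif ($nlaRequired) {
    $finding = 'RDP enabled, NLA required'
} else {
    $finding = 'RDP enabled WITHOUT NLA: pre-authentication surface exposed'
}

New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    RdpEnabled  = $rdpEnabled
    RdpSource   = $deny.Source
    NlaRequired = $nlaRequired
    NlaSource   = $nla.Source
    Finding     = $finding
}
```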