{"id":9379,"date":"2019-09-25T02:07:34","date_gmt":"2019-09-25T02:07:34","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=9379"},"modified":"2026-04-17T18:07:51","modified_gmt":"2026-04-17T18:07:51","slug":"windows-remote-desktop-services-remote-code-execution-vulnerability-cve-2019-0708-exploit-disclosure-threat-alert","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/windows-remote-desktop-services-remote-code-execution-vulnerability-cve-2019-0708-exploit-disclosure-threat-alert\/","title":{"rendered":"Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Exploit Disclosure Threat Alert"},"content":{"rendered":"


\n<\/p>\n

    \n
  1. \n

    Exploit Disclosure<\/strong><\/h2>\n<\/li>\n<\/ol>\n

    In the early morning of September 7, Beijing time, a developer disclosed a Metasploit exploit module for the Windows remote desktop services remote code execution vulnerability (CVE-2019-0708) on GitHub. The initial public exploit module (BlueKeep) for the CVE-2019-0708 vulnerability could cause old versions of Windows (Windows 7 SP1 x64 and Windows 2008 R2 x64) to execute code remotely without user interaction. This vulnerability, like WannaCry, will propagate widely, having constituted security threats in the wild. <\/strong><\/p>\n

     \"Red<\/a><\/strong><\/p>\n

    The test shows that this exploit can be successfully used. By default, the BlueKeep module of Metasploit only checks whether the target and its operating system version are vulnerable. Currently, instead of launching attacks automatically, this exploit requires users to manually configure target details<\/strong> prior to further exploitation. If the module does not provide proper configuration parameters during exploitation, this could lead to the blue screen of death (BSoD) to the target host. Currently, hackers have scanned vulnerable devices on a large scale, possibly hitting vulnerable hosts in batches. Therefore, users are strongly recommended to check their assets and immediately download patches for affected devices or take other measures to avoid related threats. <\/strong><\/p>\n

    Reference links:<\/p>\n

    https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/12283?from=timeline&isappinstalled=0<\/p>\n

    https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/12283\/files<\/p>\n

      \n
    1. \n

      Vulnerability Description<\/strong><\/h2>\n<\/li>\n<\/ol>\n

      On April 15, Beijing time, Microsoft released May 2019 security patches that fix 82 vulnerabilities, among which the Windows operating system remote desktop services vulnerability (CVE-2019-0708) poses serious threats. Attackers could exploit this vulnerability to cause remote code execution or worm attacks by sending a malicious request to the target via the RDP protocol.<\/p>\n

      Considering the high risk level of this vulnerability, Microsoft has also released security updates to fix this vulnerability in versions for which official support is no longer available to fix this vulnerability. Currently, the exploit of this vulnerability has been made public, and therefore affected users are advised to download and install patches as soon as possible.<\/p>\n

      Reference links:<\/p>\n

      https:\/\/support.microsoft.com\/en-ca\/help\/4500705\/customer-guidance-for-cve-2019-0708<\/a><\/p>\n

      https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0708<\/p>\n

        \n
      1. \n

        Scope of Impact<\/strong><\/h2>\n<\/li>\n<\/ol>\n

        Affected Versions<\/strong><\/p>\n