Detections
Analytics
CVE-2019-0708
critical
Description
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
From the Tenable Blog
CVE-2019-0708: BlueKeep Exploited in the Wild to Deliver Cryptocurrency Miner
Published: 2019-11-04
Researchers identify the first in-the-wild exploit of the BlueKeep vulnerability nearly six months after it was disclosed. Background On November 2, security researchers Kevin Beaumont (@GossiTheDog) and Marcus Hutchins (@MalwareTechBlog) confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep.
CVE-2019-0708: BlueKeep Exploits Could Be Around the Corner
Published: 2019-08-01
Nearly 80 days after the announcement of BlueKeep, threats of exploitation remain. Those who have not patched remain at risk as rumors of exploit scripts surface.
WatchBog Malware Adds BlueKeep Scanner (CVE-2019-0708), New Exploits (CVE-2019-10149, CVE-2019-11581)
Published: 2019-07-25
Scanner for “BlueKeep” vulnerability and newly minted exploits for Exim and Jira incorporated into cryptocurrency mining malware.
Critical 'BlueKeep' Vulnerability CVE-2019-0708 Addressed in Patch Tuesday Updates
Published: 2019-05-14
Microsoft has released its May 2019 Security Updates, which includes a fix for BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability affecting the Remote Desktop Service.
References
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective
https://www.tenable.com/blog/from-bugs-to-breaches-25-significant-cves-as-mitre-cve-turns-25
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/blog/examining-the-treat-landscape
https://www.tenable.com/blog/how-covid-19-response-is-expanding-the-cyberattack-surface
https://www.tenable.com/blog/tenable-roundup-for-microsoft-s-august-2019-patch-tuesday-dejablue
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
Details
Published: 2019-05-16
Updated: 2025-04-07
Named Vulnerability: Microsoft Remote Desktop Services Remote Code Execution (BlueKeep)Named Vulnerability: DejaBlueNamed Vulnerability: BlueKeepKnown Exploited Vulnerability (KEV)
Risk Information
CVSS v2
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS
EPSS: 0.94445