CVE-2019-0708: Microsoft Remote Desktop Services Remote Code Execution

Microsoft Remote Desktop Services Remote Code Execution Vulnerability. Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

• CISA KEV-listed (remediation due 2022-05-03)
• used in ransomware campaigns
• EPSS 94.5% (100.0% percentile)

Detection rules

• Scanner PoC for CVE-2019-0708 RDP RCE Vuln high
• Potential RDP Exploit CVE-2019-0708 medium
• Outbound RDP Connections Over Non-Standard Tools high
• Terminal Service Process Spawn high

Browse the CVE database

Read the full analysis on IntelFusions