Critical 'BlueKeep' Vulnerability CVE-2019-0708 Addressed in Patch Tuesday Updates
Microsoft has released its May 2019 Security Updates, which includes a fix for BlueKeep (CVE-2019-0708), a critical remote code execution vulnerability affecting the Remote Desktop Service.
Background
Microsoft has released its monthly security update for May. Included in this month's Patch Tuesday release is CVE-2019-0708, titled BlueKeep, a critical remote code execution vulnerability that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP).
Analisi
The vulnerability exists in the way that the RDP service handles incoming requests. An attacker can send a malicious request to the RDP service and, due to improperly sanitized request handling, the target will execute the malicious code injected into the request. CVE-2019-0708 is a pre-authentication vulnerability that requires no user interaction, which would result in attacks exploiting it to spread in a manner similar to WannaCry. While there isn’t any public proof-of-concept (PoC) or exploit script code available at this time, we anticipate that won’t be the case for long.
Nearly 80 days after the announcement of BlueKeep, threats of exploitation remain. Learn more here.
This vulnerability provides attackers with a common attack vector that many internet-facing Windows assets are likely to have running. Shodan and Binary Edge searches both show millions of internet-facing assets with actively listening RDP services.
Solution
Tenable recommends applying the full May 2019 Security Update from Microsoft for all vulnerable assets. For CVE-2019-0708, Microsoft has provided updates for Windows 7, Windows Server 2008 and Windows Server 2008 R2. Additionally, Microsoft has provided patches for out-of-support systems, including Windows XP, Windows XP Professional, Windows XP Embedded and Windows Server 2003.
Affected systems that have Network Level Authentication (NLA) enabled aren’t vulnerable to unauthenticated attack, but If an attacker has valid credentials this vulnerability is still exploitable.
Identifying affected systems
For identifying systems without NLA enabled, please use plugin 58453.
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
Our remote checks for CVE-2019-0708 can be found here.
Get more information
- May Patch Tuesday Information
- Microsoft's CVE-2019-0708 Advisory Page
- Security Only Update for CVE-2019-0708
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Articoli correlati
How to Discover, Analyze and Respond to Threats Faster with Generative AI
June 17, 2024Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
June 3, 2024Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from attackers.
Cybersecurity Snapshot: EPA Urges Water Plants To Boost Cybersecurity, as OpenSSF Launches Threat Intel Platform for Open Source Software
May 24, 2024Check out the EPA’s call for water plants to beef up their cyber defenses. Plus, open source developers have a new platform to share threat intelligence. Moreover, business email compromise attacks prompt alert from U.K.’s cyber agency. And CISA tackles DNS encryption best practices. And much more!
How the regreSSHion Vulnerability Could Impact Your Cloud Environment
July 5, 2024With growing concern over the recently disclosed regreSSHion vulnerability, we’re explaining here what it is, why it’s so significant, what it could mean for your cloud environment and how Tenable Cloud Security can help.
Cybersecurity Snapshot: Malicious Versions of Cobalt Strike Taken Down, While Microsoft Notifies More Orgs About Midnight Blizzard Email Breach
July 5, 2024Check out the results of a multinational operation against illegal instances of Cobalt Strike. Plus, more organizations are learning that Midnight Blizzard accessed their email exchanges with Microsoft. Meanwhile, Carnegie Mellon has a new report about how to fix and mitigate API vulnerabilities. And two new reports shed light on cyber insurance trends. And much more!
Cybersecurity Snapshot: Memory Bugs Pervasive in Open Source SW, While Car Dealership Chaos Persists After Ransomware Attack
June 28, 2024Check out why memory vulnerabilities are widespread in open source projects. Plus, get the latest on the ransomware attack that’s disrupted car sales in North America. In addition, find out why a majority of organizations grew their cyber budgets this year. And learn how confidential data from U.S. chemical facilities may have been accessed by hackers. And much more!
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning