Earlier this year, we reported on a vulnerability in Remote Desktop Services (CVE-2019-0708), also known as 'BlueKeep'. Recently, a successful exploit abusing this vulnerability has been found in the wild.
The current exploit tries to install a cryptominer. However, new attacks may be developed with worse effects, such as encryption of devices. Northwave therefore rates the severity of this threat as high.
Microsoft had already rolled out patches when the first Threat Response was sent; links to the patches are listed at the end of this advisory. Northwave advises rolling out the patch on affected devices as soon as possible. For the sake of completeness, below is a list of affected versions of Windows:
- Windows XP (outside active support)
- Windows Server 2003 (outside active support)
- Windows Vista (outside active support)
- Windows 7
- Windows Server 2008
- Windows Server 2008 R2
If you need additional information, you can call us by phone or send us an email.
Phone number: 030-3031244 (during business hours)
Do you have an incident right now? Call our CERT number: 0800-2255 2747
An overview of the available patches for Windows versions that are currently supported can be found on the following page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Separate downloads have been made available for Windows XP and Windows Server 2003 on the following page: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708