Threat response: Remote Desktop Services RCE

05-11-2019

Earlier this year, we reported on a vulnerability in Remote Desktop Services (CVE-2019-0708 [1]), also known as ‘BlueKeep’. Recently, a successful exploit abusing this vulnerability has been found in the wild ([2], [3]).

Risk

The current exploit tries to install a cryptominer. However, new attacks may be developed with worse effects, such as encryption of devices. Northwave therefore rates the severity of this threat as high.

Mitigation

Microsoft had already rolled out patches when the first Threat Response was sent ([4], [5]). Northwave advises rolling out the patch on affected devices as soon as possible. For the sake of completeness, the affected versions of Windows are listed below:

  • Windows XP (outside active support)
  • Windows Server 2003 (outside active support)
  • Windows Vista (outside active support)
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
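
The list above applied to an asset inventory, as an added example (not Northwave's or Microsoft's code): it matches OS captions against the affected versions and attaches the patch reference the advisory gives for each. The CSV column names, the host names and the choice to sort RDP-enabled hosts first are assumptions made for illustration.

```python
import csv, io, re

# Affected versions as listed in the advisory: (support status, patch source).
# [4] = supported versions, [5] = XP / Server 2003; none is named for Vista.
AFFECTED = {
    "Windows XP": ("out of support", "[5]"),
    "Windows Server 2003": ("out of support", "[5]"),
    "Windows Vista": ("out of support", None),
    "Windows 7": ("supported", "[4]"),
    "Windows Server 2008": ("supported", "[4]"),
    "Windows Server 2008 R2": ("supported", "[4]"),
}

def match_version(caption):
    """Return the affected version named in an OS caption, or None."""
    text = re.sub(r"\(r\)|\(tm\)|[®™]", "", caption.lower())
    text = re.sub(r"\s+", " ", text)
    hits = [v for v in AFFECTED
            if re.search(r"\b" + re.escape(v.lower()) + r"\b", text)]
    # Longest match wins, so "Server 2008 R2" is not reported as "Server 2008".
    return max(hits, key=len) if hits else None

def triage(inventory_csv):
    """List affected hosts: RDP-enabled first, then out-of-support ones."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        version = match_version(rec["os_caption"])
        if version is None:
            continue  # not on the advisory's list
        support, ref = AFFECTED[version]
        rows.append({"host": rec["host"], "version": version,
                     "support": support, "patch_ref": ref,
                     "rdp_enabled": rec["rdp_enabled"].strip().lower() == "yes"})
    rows.sort(key=lambda r: (not r["rdp_enabled"],
                             r["support"] == "supported", r["host"]))
    return rows

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE = """host,os_caption,rdp_enabled
app01,Microsoft Windows Server 2008 R2 Standard,yes
ws-114,Microsoft Windows 10 Enterprise,yes
kiosk3,Microsoft Windows XP Professional,no
fs02,Microsoft Windows Server 2012 R2 Datacenter,yes
hr-pc7,Microsoft Windows 7 Professional,no
scada1,Microsoft(R) Windows(R) Server 2003 Standard Edition,yes
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Hosts with RDP disabled still appear in the result, since the advisory asks for the patch on every affected device.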

If you need additional information you can call us by phone or send us an email.

Phone number: 030-3031244 (during business hours)
E-mail: soc@northwave.nl

Do you have an incident right now? Call our CERT number: 0800-2255 2747

Sources

[1] https://nvd.nist.gov/vuln/detail/CVE-2019-0708

[2] https://www.bleepingcomputer.com/news/security/windows-bluekeep-rdp-attacks-are-here-infecting-with-miners/

[3] https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/

[4] An overview of the available patches for Windows versions that are currently supported can be found on the following page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

[5] Separate downloads have been made available for Windows XP and Windows Server 2003 on the following page: https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Disclaimer

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.
