Threat response: Remote Desktop Services RCE


Earlier this year, we reported about a vulnerability in Remote Desktop Services (CVE-2019-0708 [1]), also known as ‘BlueKeep’. Recently, a successful exploit has been found in the wild abusing this vulnerability ([2], [3]).


The current exploit tries to install a cryptominer. However, it is possible that new attacks will be developed, which may have worse effects like encryption of devices. The severity of this threat is therefore high according to Northwave.


Microsoft had already rolled out patches when the first Threat Response was sent ([4], [5]). Northwave advises to roll out the patch on affected devices as soon as possible. For the sake of completeness, below is a list of affected versions of Windows:

  • Windows XP (outside active support)
  • Windows Server 2003 (outside active support)
  • Windows Vista (outside active support)
  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2

If you need additional information you can call us by phone or send us an email.

E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85-0437 909 or 0800-1744 (alleen vanuit Nederland)





[4] An overview of the available patches for Windows versions that are currently supported can be found on the following page:

[5] Separate downloads have been made available for Windows XP and Windows Server 2003 on the following page:


Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.