CVE-2019-0708 — Microsoft Remote Desktop Services Remote Code Execution Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Remote Desktop Services |
| CWE | CWE-416 |
| CVE ID | CVE-2019-0708 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03