← back
CVE-2019-0708

CVE-2019-0708

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-416
In short

A critical vulnerability in Windows Remote Desktop Services allows attackers to execute malicious code on a computer remotely without needing a password or login credentials. This is dangerous because attackers can take complete control of affected systems over the internet.

Technical detail

A use-after-free vulnerability (CWE-416) in RDP protocol handling permits unauthenticated remote code execution when specially crafted packets are sent to the RDP service. The attack requires network access to port 3389 but no prior authentication or user interaction, enabling wormable exploitation across vulnerable Windows systems.

Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · WindowsMicrosoft · Windows Server
public PoCs found135
githubgithub.com/Ekultek/BlueKeep1183githubgithub.com/robertdavidgraham/rdpscan920githubgithub.com/n1xbyte/CVE-2019-0708496githubgithub.com/k8gege/CVE-2019-0708389githubgithub.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploit344githubgithub.com/cbwang505/CVE-2019-0708-EXP-Windows318githubgithub.com/0xeb-bp/bluekeep293githubgithub.com/Cyb0r9/ispy243githubgithub.com/RICSecLab/CVE-2019-0708149githubgithub.com/Leoid/CVE-2019-0708127githubgithub.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-122githubgithub.com/p0p0p0/CVE-2019-0708-exploit121githubgithub.com/worawit/CVE-2019-0708110githubgithub.com/biggerwing/CVE-2019-0708-poc82githubgithub.com/coolboy4me/cve-2019-0708_bluekeep_rce75githubgithub.com/hook-s3c/CVE-2019-0708-poc47githubgithub.com/umarfarook882/CVE-2019-070840githubgithub.com/syriusbughunt/CVE-2019-070839githubgithub.com/rockmelodies/CVE-2019-0708-Exploit31githubgithub.com/Jaky5155/cve-2019-0708-exp30githubgithub.com/HynekPetrak/detect_bluekeep.py27githubgithub.com/mekhalleh/cve-2019-070825githubgithub.com/blacksunwen/CVE-2019-070819githubgithub.com/jiansiting/CVE-2019-070819githubgithub.com/fourtwizzy/CVE-2019-0708-Check-Device-Patch-Status18githubgithub.com/cve-2019-0708-poc/cve-2019-070818githubgithub.com/gobysec/CVE-2019-070817githubgithub.com/cvencoder/cve-2019-070814githubgithub.com/closethe/CVE-2019-0708-POC13githubgithub.com/RickGeex/msf-module-CVE-2019-070813githubgithub.com/Pa55w0rd/CVE-2019-070813githubgithub.com/SherlockSec/CVE-2019-070813githubgithub.com/ze0r/CVE-2019-0708-exp12githubgithub.com/skyshell20082008/CVE-2019-0708-PoC-Hitting-Path12githubgithub.com/wqsemc/CVE-2019-070812githubgithub.com/qing-root/CVE-2019-0708-EXP-MSF-11githubgithub.com/n0auth/CVE-2019-070811githubgithub.com/anquanscan/CVE-2019-07089githubgithub.com/thugcrowd/CVE-2019-07087githubgithub.com/SugiB3o/Check-vuln-CVE-2019-07087githubgithub.com/major203/cve-2019-0708-scan6githubgithub.com/NullByteSuiteDevs/CVE-2019-07086githubgithub.com/infiniti-team/CVE-2019-07086githubgithub.com/blockchainguard/CVE-2019-07085githubgithub.com/ht0Ruial/CVE-2019-0708Poc-BatchScanning5githubgithub.com/eastmountyxz/CVE-2019-0708-Windows5githubgithub.com/turingcompl33t/bluekeep4githubgithub.com/FrostsaberX/CVE-2019-07084githubgithub.com/pry0cc/BlueKeepTracker4githubgithub.com/Ravaan21/Bluekeep-Hunter4githubgithub.com/areusecure/CVE-2019-07083githubgithub.com/andripwn/CVE-2019-07083githubgithub.com/victor0013/CVE-2019-07083githubgithub.com/pry0cc/cve-2019-0708-23githubgithub.com/edvacco/CVE-2019-0708-POC2githubgithub.com/infenet/CVE-2019-07082githubgithub.com/ShadowBrokers-ExploitLeak/CVE-2019-07082githubgithub.com/ttsite/CVE-2019-0708-2githubgithub.com/smallFunction/CVE-2019-0708-POC2githubgithub.com/haishanzheng/CVE-2019-0708-generate-hosts2githubgithub.com/skommando/CVE-2019-07082githubgithub.com/zjw88282740/CVE-2019-0708-win71githubgithub.com/freeide/CVE-2019-07081githubgithub.com/ttsite/CVE-2019-07081githubgithub.com/yushiro/CVE-2019-07081githubgithub.com/UraSecTeam/CVE-2019-07081githubgithub.com/Gh0st0ne/rdpscan-BlueKeep1githubgithub.com/303sec/CVE-2019-07081githubgithub.com/JasonLOU/CVE-2019-07081githubgithub.com/AdministratorGithub/CVE-2019-07081githubgithub.com/safly/CVE-2019-07081githubgithub.com/Barry-McCockiner/CVE-2019-07081githubgithub.com/wdfcc/CVE-2019-07081githubgithub.com/HackerJ0e/CVE-2019-07081githubgithub.com/sbkcbig/CVE-2019-0708-Poc-exploit1githubgithub.com/gildaaa/CVE-2019-07081githubgithub.com/hotdog777714/RDS_CVE-2019-07081githubgithub.com/ntkernel0/CVE-2019-07081githubgithub.com/YSheldon/MS_T1201githubgithub.com/sbkcbig/CVE-2019-0708-EXPloit1githubgithub.com/temp-user-2014/CVE-2019-07081githubgithub.com/0x6b7966/CVE-2019-0708-RCE1githubgithub.com/distance-vector/CVE-2019-07081githubgithub.com/0xFlag/CVE-2019-0708-test1githubgithub.com/1aa87148377/CVE-2019-07081githubgithub.com/ulisesrc/-2-CVE-2019-07081githubgithub.com/cream-sec/CVE-2019-0708-Msf--1githubgithub.com/JSec1337/Scanner-CVE-2019-07081githubgithub.com/nochemax/bLuEkEeP-GUI1githubgithub.com/DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit1githubgithub.com/CircuitSoul/CVE-2019-07081githubgithub.com/tranqtruong/Detect-BlueKeep1githubgithub.com/adyanamul/Remote-Code-Execution-RCE-Exploit-BlueKeep-CVE-2019-0708-PoC1githubgithub.com/herhe/CVE-2019-0708poc1githubgithub.com/xiyangzuishuai/Dark-Network-CVE-2019-07080githubgithub.com/yetiddbb/CVE-2019-0708-PoC0githubgithub.com/denuwanjayasekara/CVE-Exploitation-Reports0githubgithub.com/hualy13/CVE-2019-0708-Check0githubgithub.com/isabelacostaz/CVE-2019-0708-POC0githubgithub.com/benhe119/bluekeepscan0githubgithub.com/lisinan988/CVE-2019-0708-scan0githubgithub.com/offensity/CVE-2019-07080githubgithub.com/davidfortytwo/bluekeep0githubgithub.com/freeide/CVE-2019-0708-PoC-Exploit0githubgithub.com/sbkcbig/CVE-2019-0708-EXPloit-33890githubgithub.com/gousseine-systems/vuln-rabilit-windows70githubgithub.com/rasan2001/Microsoft-Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-07080githubgithub.com/Micr067/CVE-2019-0708RDP-MSF0githubgithub.com/GopeshKachhadiya/Windows-20githubgithub.com/CPT-Jack-A-Castle/Haruster-CVE-2019-0708-Exploit0githubgithub.com/SQLDebugger/CVE-2019-0708-Tool0githubgithub.com/Ameg-yag/Wincrash0githubgithub.com/oneoy/BlueKeep0githubgithub.com/f8al/CVE-2019-0708-POC0githubgithub.com/emmadej1234/bluekeep-metasploit-lab-project0githubgithub.com/Ayomide-29/bluekeep_metasploit_practice0githubgithub.com/ayomideadams61-hub/bluekeep-metsploitable-lab0githubgithub.com/AaronCaiii/CVE-2019-0708-POC0githubgithub.com/Nweks/Bluekeep-Metasploit-Lab-Project0githubgithub.com/ryan-ally/rdp0708scanner0githubgithub.com/sezayi1972/CVE-2019-07080githubgithub.com/zoujialan/CVE-2019-0708-RCE0githubgithub.com/ZhaoYukai/CVE-2019-0708-Batch-Blue-Screen0githubgithub.com/ZhaoYukai/CVE-2019-07080githubgithub.com/pywc/CVE-2019-07080githubgithub.com/bibo318/kali-CVE-2019-0708-lab0cve_referencepacketstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.htmlunverifiedcve_referencepacketstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.htmlunverifiedcve_referencepacketstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47416unverifiedexploitdbwww.exploit-db.com/exploits/47120unverifiedexploitdbwww.exploit-db.com/exploits/47683unverifiedcve_referencepacketstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.htmlunverifiedexploitdbwww.exploit-db.com/exploits/46946unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.htmlhttp://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.htmlhttp://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.htmlhttp://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.htmlhttp://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdfhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708