← volver
CVE-2019-0708

CVE-2019-0708

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-416
En resumen

Una vulnerabilidad crítica en el Servicio de Escritorio Remoto de Windows permite a atacantes ejecutar código malicioso en una computadora de forma remota sin necesidad de contraseña o credenciales. Esto es peligroso porque los atacantes pueden obtener control total del sistema afectado a través de internet.

Detalle técnico

Una vulnerabilidad de use-after-free (CWE-416) en el manejo del protocolo RDP permite ejecución remota de código sin autenticación cuando se envían paquetes especialmente manipulados al servicio RDP. El ataque requiere acceso de red al puerto 3389 pero no demanda autenticación previa, permitiendo explotación masiva de sistemas Windows vulnerables.

Resumen generado y traducido por IA a partir de la descripción oficial.
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Microsoft · WindowsMicrosoft · Windows Server
PoCs públicas encontradas135
githubgithub.com/Ekultek/BlueKeep1183githubgithub.com/robertdavidgraham/rdpscan920githubgithub.com/n1xbyte/CVE-2019-0708496githubgithub.com/k8gege/CVE-2019-0708389githubgithub.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploit344githubgithub.com/cbwang505/CVE-2019-0708-EXP-Windows318githubgithub.com/0xeb-bp/bluekeep293githubgithub.com/Cyb0r9/ispy243githubgithub.com/RICSecLab/CVE-2019-0708149githubgithub.com/Leoid/CVE-2019-0708127githubgithub.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-122githubgithub.com/p0p0p0/CVE-2019-0708-exploit121githubgithub.com/worawit/CVE-2019-0708110githubgithub.com/biggerwing/CVE-2019-0708-poc82githubgithub.com/coolboy4me/cve-2019-0708_bluekeep_rce75githubgithub.com/hook-s3c/CVE-2019-0708-poc47githubgithub.com/umarfarook882/CVE-2019-070840githubgithub.com/syriusbughunt/CVE-2019-070839githubgithub.com/rockmelodies/CVE-2019-0708-Exploit31githubgithub.com/Jaky5155/cve-2019-0708-exp30githubgithub.com/HynekPetrak/detect_bluekeep.py27githubgithub.com/mekhalleh/cve-2019-070825githubgithub.com/blacksunwen/CVE-2019-070819githubgithub.com/jiansiting/CVE-2019-070819githubgithub.com/fourtwizzy/CVE-2019-0708-Check-Device-Patch-Status18githubgithub.com/cve-2019-0708-poc/cve-2019-070818githubgithub.com/gobysec/CVE-2019-070817githubgithub.com/cvencoder/cve-2019-070814githubgithub.com/closethe/CVE-2019-0708-POC13githubgithub.com/RickGeex/msf-module-CVE-2019-070813githubgithub.com/Pa55w0rd/CVE-2019-070813githubgithub.com/SherlockSec/CVE-2019-070813githubgithub.com/ze0r/CVE-2019-0708-exp12githubgithub.com/skyshell20082008/CVE-2019-0708-PoC-Hitting-Path12githubgithub.com/wqsemc/CVE-2019-070812githubgithub.com/qing-root/CVE-2019-0708-EXP-MSF-11githubgithub.com/n0auth/CVE-2019-070811githubgithub.com/anquanscan/CVE-2019-07089githubgithub.com/thugcrowd/CVE-2019-07087githubgithub.com/SugiB3o/Check-vuln-CVE-2019-07087githubgithub.com/major203/cve-2019-0708-scan6githubgithub.com/NullByteSuiteDevs/CVE-2019-07086githubgithub.com/infiniti-team/CVE-2019-07086githubgithub.com/blockchainguard/CVE-2019-07085githubgithub.com/ht0Ruial/CVE-2019-0708Poc-BatchScanning5githubgithub.com/eastmountyxz/CVE-2019-0708-Windows5githubgithub.com/turingcompl33t/bluekeep4githubgithub.com/FrostsaberX/CVE-2019-07084githubgithub.com/pry0cc/BlueKeepTracker4githubgithub.com/Ravaan21/Bluekeep-Hunter4githubgithub.com/areusecure/CVE-2019-07083githubgithub.com/andripwn/CVE-2019-07083githubgithub.com/victor0013/CVE-2019-07083githubgithub.com/pry0cc/cve-2019-0708-23githubgithub.com/edvacco/CVE-2019-0708-POC2githubgithub.com/infenet/CVE-2019-07082githubgithub.com/ShadowBrokers-ExploitLeak/CVE-2019-07082githubgithub.com/ttsite/CVE-2019-0708-2githubgithub.com/smallFunction/CVE-2019-0708-POC2githubgithub.com/haishanzheng/CVE-2019-0708-generate-hosts2githubgithub.com/skommando/CVE-2019-07082githubgithub.com/zjw88282740/CVE-2019-0708-win71githubgithub.com/freeide/CVE-2019-07081githubgithub.com/ttsite/CVE-2019-07081githubgithub.com/yushiro/CVE-2019-07081githubgithub.com/UraSecTeam/CVE-2019-07081githubgithub.com/Gh0st0ne/rdpscan-BlueKeep1githubgithub.com/303sec/CVE-2019-07081githubgithub.com/JasonLOU/CVE-2019-07081githubgithub.com/AdministratorGithub/CVE-2019-07081githubgithub.com/safly/CVE-2019-07081githubgithub.com/Barry-McCockiner/CVE-2019-07081githubgithub.com/wdfcc/CVE-2019-07081githubgithub.com/HackerJ0e/CVE-2019-07081githubgithub.com/sbkcbig/CVE-2019-0708-Poc-exploit1githubgithub.com/gildaaa/CVE-2019-07081githubgithub.com/hotdog777714/RDS_CVE-2019-07081githubgithub.com/ntkernel0/CVE-2019-07081githubgithub.com/YSheldon/MS_T1201githubgithub.com/sbkcbig/CVE-2019-0708-EXPloit1githubgithub.com/temp-user-2014/CVE-2019-07081githubgithub.com/0x6b7966/CVE-2019-0708-RCE1githubgithub.com/distance-vector/CVE-2019-07081githubgithub.com/0xFlag/CVE-2019-0708-test1githubgithub.com/1aa87148377/CVE-2019-07081githubgithub.com/ulisesrc/-2-CVE-2019-07081githubgithub.com/cream-sec/CVE-2019-0708-Msf--1githubgithub.com/JSec1337/Scanner-CVE-2019-07081githubgithub.com/nochemax/bLuEkEeP-GUI1githubgithub.com/DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit1githubgithub.com/CircuitSoul/CVE-2019-07081githubgithub.com/tranqtruong/Detect-BlueKeep1githubgithub.com/adyanamul/Remote-Code-Execution-RCE-Exploit-BlueKeep-CVE-2019-0708-PoC1githubgithub.com/herhe/CVE-2019-0708poc1githubgithub.com/xiyangzuishuai/Dark-Network-CVE-2019-07080githubgithub.com/yetiddbb/CVE-2019-0708-PoC0githubgithub.com/denuwanjayasekara/CVE-Exploitation-Reports0githubgithub.com/hualy13/CVE-2019-0708-Check0githubgithub.com/isabelacostaz/CVE-2019-0708-POC0githubgithub.com/benhe119/bluekeepscan0githubgithub.com/lisinan988/CVE-2019-0708-scan0githubgithub.com/offensity/CVE-2019-07080githubgithub.com/davidfortytwo/bluekeep0githubgithub.com/freeide/CVE-2019-0708-PoC-Exploit0githubgithub.com/sbkcbig/CVE-2019-0708-EXPloit-33890githubgithub.com/gousseine-systems/vuln-rabilit-windows70githubgithub.com/rasan2001/Microsoft-Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-07080githubgithub.com/Micr067/CVE-2019-0708RDP-MSF0githubgithub.com/GopeshKachhadiya/Windows-20githubgithub.com/CPT-Jack-A-Castle/Haruster-CVE-2019-0708-Exploit0githubgithub.com/SQLDebugger/CVE-2019-0708-Tool0githubgithub.com/Ameg-yag/Wincrash0githubgithub.com/oneoy/BlueKeep0githubgithub.com/f8al/CVE-2019-0708-POC0githubgithub.com/emmadej1234/bluekeep-metasploit-lab-project0githubgithub.com/Ayomide-29/bluekeep_metasploit_practice0githubgithub.com/ayomideadams61-hub/bluekeep-metsploitable-lab0githubgithub.com/AaronCaiii/CVE-2019-0708-POC0githubgithub.com/Nweks/Bluekeep-Metasploit-Lab-Project0githubgithub.com/ryan-ally/rdp0708scanner0githubgithub.com/sezayi1972/CVE-2019-07080githubgithub.com/zoujialan/CVE-2019-0708-RCE0githubgithub.com/ZhaoYukai/CVE-2019-0708-Batch-Blue-Screen0githubgithub.com/ZhaoYukai/CVE-2019-07080githubgithub.com/pywc/CVE-2019-07080githubgithub.com/bibo318/kali-CVE-2019-0708-lab0cve_referencepacketstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.htmlno verificadocve_referencepacketstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.htmlno verificadocve_referencepacketstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.htmlno verificadoexploitdbwww.exploit-db.com/exploits/47416no verificadoexploitdbwww.exploit-db.com/exploits/47120no verificadoexploitdbwww.exploit-db.com/exploits/47683no verificadocve_referencepacketstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.htmlno verificadoexploitdbwww.exploit-db.com/exploits/46946no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.htmlhttp://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.htmlhttp://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.htmlhttp://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.htmlhttp://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdfhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708