CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.975 High
Percentile: 100.0%

The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:
An attacker can exploit this vulnerability to take control of an affected system.
BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system.
According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled.[1] After successfully sending the packets, the attacker would have the ability to perform a number of actions: adding accounts with full user rights; viewing, changing, or deleting data; or installing programs. This exploit, which requires no user interaction, must occur before authentication to be successful.
BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.[2]
CISA has coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep.
CISA encourages users and administrators to review the Microsoft Security Advisory [3] and the Microsoft Customer Guidance for CVE-2019-0708 [4] and apply the appropriate mitigation measures as soon as possible:
For OSs that do not have patches or systems that cannot be patched, other mitigation steps can be used to help protect against BlueKeep:
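[1] Microsoft Security Advisory for CVE-2019-0708: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
[2] White House Press Briefing on the Attribution of the WannaCry Malware Attack to North Korea: www.whitehouse.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917/
[3] Microsoft Security Advisory for CVE-2019-0708: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
[4] Microsoft Customer Guidance for CVE-2019-0708: support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708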
June 17, 2019: Initial version
June 17, 2019: Revised technical details section.