CVE-2019-0708

GPTKB entity

Statements (33)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:access No
gptkbp:affects gptkb:Microsoft_Windows
gptkbp:affectsComponent gptkb:Remote_Desktop_Services
gptkbp:alsoKnownAs gptkb:BlueKeep
gptkbp:citation https://nvd.nist.gov/vuln/detail/CVE-2019-0708
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
gptkbp:cweID gptkb:CWE-416
gptkbp:describes A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.
gptkbp:discoveredIn 2019
gptkbp:doesNotAffectVersion gptkb:Windows_8
gptkb:Windows_10
gptkbp:exploits Yes
gptkbp:hasCVEID gptkb:CVE-2019-0708
gptkbp:hasCVSSScore 9.8
gptkbp:hasExploitCode Yes
gptkbp:hasSeverity Critical
gptkbp:hasVersion gptkb:Windows_Server_2008_R2
gptkb:Windows_7
gptkb:Windows_Server_2008
https://www.w3.org/2000/01/rdf-schema#label CVE-2019-0708
gptkbp:isWormable Yes
gptkbp:mitigatedBy Disable Remote Desktop Services if not required
Enable Network Level Authentication (NLA)
gptkbp:notableFor Wormable vulnerability
gptkbp:patchedBy Microsoft Security Update May 2019
gptkbp:publicationDate 2019-05-14
gptkbp:requiresUserInteraction No
gptkbp:vectorFor gptkb:network_protocol
gptkbp:vulnerableTo Remote Code Execution
gptkbp:bfsParent gptkb:APT3
gptkb:BlueKeep
gptkbp:bfsLayer 7