Back to KEVs

CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker...

Basic Information

CVE State
PUBLISHED
Reserved Date
November 26, 2018
Published Date
May 16, 2019
Last Updated
February 07, 2025
Vendor
Microsoft
Product
Windows, Windows Server
Description
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVSS Scores

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2019-05-15 13:49:09 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb 2025-04-29 11:01:43 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

cve_2019_0708_bluekeep_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-0708

offensity/CVE-2019-0708

Type: github • Created: 2021-12-20 14:57:23 UTC • Stars: 0

pywc/CVE-2019-0708

Type: github • Created: 2021-06-21 03:57:15 UTC • Stars: 0

CircuitSoul/CVE-2019-0708

Type: github • Created: 2021-06-19 21:55:57 UTC • Stars: 1

POC-CVE-2019-0708

DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit

Type: github • Created: 2020-12-03 07:40:19 UTC • Stars: 2

Scan through given ip list

JSec1337/Scanner-CVE-2019-0708

Type: github • Created: 2020-03-17 05:05:14 UTC • Stars: 1

Scanner CVE-2019-0708

RICSecLab/CVE-2019-0708

Type: github • Created: 2020-03-15 19:33:53 UTC • Stars: 137

CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7

eastmountyxz/CVE-2019-0708-Windows

Type: github • Created: 2020-02-19 05:40:22 UTC • Stars: 5

这篇文章将分享Windows远程桌面服务漏洞(CVE-2019-0708),并详细讲解该漏洞及防御措施。作者作为网络安全的小白,分享一些自学基础教程给大家,主要是关于安全工具和实践操作的在线笔记,希望您们喜欢。同时,更希望您能与我一起操作和进步,后续将深入学习网络安全和系统安全知识并分享相关实验。总之,希望该系列文章对博友有所帮助,写文不易,大神们不喜勿喷,谢谢!

cbwang505/CVE-2019-0708-EXP-Windows

Type: github • Created: 2020-01-21 02:22:29 UTC • Stars: 323

CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell

worawit/CVE-2019-0708

Type: github • Created: 2019-12-07 10:13:11 UTC • Stars: 107

CVE-2019-0708 (BlueKeep)

1aa87148377/CVE-2019-0708

Type: github • Created: 2019-09-17 05:15:28 UTC • Stars: 1

distance-vector/CVE-2019-0708

Type: github • Created: 2019-09-11 02:19:19 UTC • Stars: 1

qing-root/CVE-2019-0708-EXP-MSF-

Type: github • Created: 2019-09-07 14:02:50 UTC • Stars: 10

CVE-2019-0708-EXP(MSF) Vulnerability exploit program for cve-2019-0708

0x6b7966/CVE-2019-0708-RCE

Type: github • Created: 2019-09-07 08:35:03 UTC • Stars: 1

CVE-2019-0708 RCE远程代码执行getshell教程

FrostsaberX/CVE-2019-0708

Type: github • Created: 2019-09-07 07:32:14 UTC • Stars: 4

CVE-2019-0708 With Metasploit-Framework Exploit

wqsemc/CVE-2019-0708

Type: github • Created: 2019-09-07 00:28:45 UTC • Stars: 12

initial exploit for CVE-2019-0708, BlueKeep CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution.

RickGeex/msf-module-CVE-2019-0708

Type: github • Created: 2019-09-06 19:46:03 UTC • Stars: 13

Metasploit module for CVE-2019-0708 (BlueKeep) - https://github.com/rapid7/metasploit-framework/tree/5a0119b04309c8e61b44763ac08811cd3ecbbf8d/modules/exploits/windows/rdp

skommando/CVE-2019-0708

Type: github • Created: 2019-09-03 10:25:48 UTC • Stars: 2

CVE-2019-0708 BlueKeep漏洞批量扫描工具和POC,暂时只有蓝屏。

dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708-

Type: github • Created: 2019-08-17 17:23:53 UTC • Stars: 119

rce exploit , made to work with pocsuite3

andripwn/CVE-2019-0708

Type: github • Created: 2019-07-18 20:53:54 UTC • Stars: 3

Scanner PoC for CVE-2019-0708 RDP RCE vuln

ze0r/CVE-2019-0708-exp

Type: github • Created: 2019-07-04 01:49:22 UTC • Stars: 12

wdfcc/CVE-2019-0708

Type: github • Created: 2019-06-20 02:19:17 UTC • Stars: 1

ZhaoYukai/CVE-2019-0708-Batch-Blue-Screen

Type: github • Created: 2019-06-13 16:57:00 UTC • Stars: 0

改写某大佬写的0708蓝屏脚本 改为网段批量蓝屏

ZhaoYukai/CVE-2019-0708

Type: github • Created: 2019-06-13 16:56:48 UTC • Stars: 0

蓝屏poc

cream-sec/CVE-2019-0708-Msf--

Type: github • Created: 2019-06-12 03:37:39 UTC • Stars: 1

CVE-2019-0708-Msf-验证

at0mik/CVE-2019-0708-PoC

Type: github • Created: 2019-06-11 09:38:36 UTC • Stars: 17

CVE-2019-0708-PoC It is a semi-functional exploit capable of remotely accessing a Windows computer by exploiting the aforementioned vulnerability, this repository also contains notes on how to complete the attack.

Pa55w0rd/CVE-2019-0708

Type: github • Created: 2019-06-11 05:38:26 UTC • Stars: 13

CVE-2019-0708批量检测

umarfarook882/CVE-2019-0708

Type: github • Created: 2019-05-31 17:37:26 UTC • Stars: 40

CVE-2019-0708 - BlueKeep (RDP)

AdministratorGithub/CVE-2019-0708

Type: github • Created: 2019-05-31 09:59:30 UTC • Stars: 1

CVE-2019-0708批量蓝屏恶搞

JasonLOU/CVE-2019-0708

Type: github • Created: 2019-05-31 02:28:23 UTC • Stars: 1

algo7/bluekeep_CVE-2019-0708_poc_to_exploit

Type: github • Created: 2019-05-31 00:04:12 UTC • Stars: 345

An Attempt to Port BlueKeep PoC from @Ekultek to actual exploits

UraSecTeam/CVE-2019-0708

Type: github • Created: 2019-05-30 08:59:49 UTC • Stars: 1

CVE-2019-0708

haishanzheng/CVE-2019-0708-generate-hosts

Type: github • Created: 2019-05-29 14:29:32 UTC • Stars: 2

infiniti-team/CVE-2019-0708

Type: github • Created: 2019-05-29 05:51:07 UTC • Stars: 6

ht0Ruial/CVE-2019-0708Poc-BatchScanning

Type: github • Created: 2019-05-28 16:09:10 UTC • Stars: 5

基于360公开的无损检测工具的可直接在windows上运行的批量检测程序

Leoid/CVE-2019-0708

Type: github • Created: 2019-05-28 02:25:21 UTC • Stars: 128

Only Hitting PoC [Tested on Windows Server 2008 r2]

SQLDebugger/CVE-2019-0708-Tool

Type: github • Created: 2019-05-24 12:22:35 UTC • Stars: 0

50 first stargazers will get get the tool via email

closethe/CVE-2019-0708-POC

Type: github • Created: 2019-05-24 07:40:05 UTC • Stars: 13

cve-2019-0708 poc .

smallFunction/CVE-2019-0708-POC

Type: github • Created: 2019-05-23 17:02:00 UTC • Stars: 2

Working proof of concept for CVE-2019-0708, spawns remote shell.

gobysec/CVE-2019-0708

Type: github • Created: 2019-05-23 13:54:24 UTC • Stars: 17

Goby support CVE-2019-0708 "BlueKeep" vulnerability check

SugiB3o/Check-vuln-CVE-2019-0708

Type: github • Created: 2019-05-23 07:47:29 UTC • Stars: 6

Check vuln CVE 2019-0708

victor0013/CVE-2019-0708

Type: github • Created: 2019-05-22 02:16:28 UTC • Stars: 2

Scanner PoC for CVE-2019-0708 RDP RCE vuln

zjw88282740/CVE-2019-0708-win7

Type: github • Created: 2019-05-21 13:16:49 UTC • Stars: 1

edvacco/CVE-2019-0708-POC

Type: github • Created: 2019-05-21 10:34:21 UTC • Stars: 2

根据360的程序,整的CVE-2019-0708批量检测

freeide/CVE-2019-0708

Type: github • Created: 2019-05-21 07:51:41 UTC • Stars: 1

High level exploit

n1xbyte/CVE-2019-0708

Type: github • Created: 2019-05-21 06:57:19 UTC • Stars: 493

dump

biggerwing/CVE-2019-0708-poc

Type: github • Created: 2019-05-21 05:38:54 UTC • Stars: 82

CVE-2019-0708 远程代码执行漏洞批量检测

ttsite/CVE-2019-0708

Type: github • Created: 2019-05-21 04:00:49 UTC • Stars: 1

Report fraud

ttsite/CVE-2019-0708-

Type: github • Created: 2019-05-20 04:23:58 UTC • Stars: 2

Announces fraud

skyshell20082008/CVE-2019-0708-PoC-Hitting-Path

Type: github • Created: 2019-05-19 23:32:34 UTC • Stars: 12

It's only hitting vulnerable path in termdd.sys!!! NOT DOS

yushiro/CVE-2019-0708

Type: github • Created: 2019-05-18 00:45:15 UTC • Stars: 1

LOL

blockchainguard/CVE-2019-0708

Type: github • Created: 2019-05-17 03:25:42 UTC • Stars: 5

CVE-2019-0708漏洞MSF批量巡检插件

303sec/CVE-2019-0708

Type: github • Created: 2019-05-16 16:26:30 UTC • Stars: 1

POC for CVE-2019-0708

fourtwizzy/CVE-2019-0708-Check-Device-Patch-Status

Type: github • Created: 2019-05-16 15:47:29 UTC • Stars: 18

Powershell script to run and determine if a specific device has been patched for CVE-2019-0708. This checks to see if the termdd.sys file has been updated appropriate and is at a version level at or greater than the versions released in the 5/14/19 patches.

safly/CVE-2019-0708

Type: github • Created: 2019-05-16 09:55:25 UTC • Stars: 1

CVE-2019-0708 demo

Barry-McCockiner/CVE-2019-0708

Type: github • Created: 2019-05-16 00:45:55 UTC • Stars: 1

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

syriusbughunt/CVE-2019-0708

Type: github • Created: 2019-05-16 00:34:23 UTC • Stars: 39

PoC about CVE-2019-0708 (RDP; Windows 7, Windows Server 2003, Windows Server 2008)

HackerJ0e/CVE-2019-0708

Type: github • Created: 2019-05-15 22:03:28 UTC • Stars: 1

gildaaa/CVE-2019-0708

Type: github • Created: 2019-05-15 20:04:23 UTC • Stars: 1

n0auth/CVE-2019-0708

Type: github • Created: 2019-05-15 19:53:34 UTC • Stars: 11

Totally legitimate

blacksunwen/CVE-2019-0708

Type: github • Created: 2019-05-15 17:56:22 UTC • Stars: 19

CVE-2019-0708

thugcrowd/CVE-2019-0708

Type: github • Created: 2019-05-15 16:33:31 UTC • Stars: 7

sup pry0cc :3

NullByteSuiteDevs/CVE-2019-0708

Type: github • Created: 2019-05-15 16:22:02 UTC • Stars: 6

PoC exploit for BlueKeep (CVE-2019-0708)

jiansiting/CVE-2019-0708

Type: github • Created: 2019-05-15 15:29:05 UTC • Stars: 19

RDP POC

k8gege/CVE-2019-0708

Type: github • Created: 2019-05-15 15:01:38 UTC • Stars: 387

3389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)

sbkcbig/CVE-2019-0708-EXPloit

Type: github • Created: 2019-05-15 13:49:09 UTC • Stars: 1

POCexp:https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA 提取码:e2k8

areusecure/CVE-2019-0708

Type: github • Created: 2019-05-15 09:25:04 UTC • Stars: 3

Proof of concept exploit for CVE-2019-0708

temp-user-2014/CVE-2019-0708

Type: github • Created: 2019-05-15 07:24:34 UTC • Stars: 1

CVE-2019-0708

anquanscan/CVE-2019-0708

Type: github • Created: 2019-05-15 04:05:07 UTC • Stars: 9

CVE-2019-0708 exp

SherlockSec/CVE-2019-0708

Type: github • Created: 2019-05-14 21:47:33 UTC • Stars: 13

A Win7 RDP exploit