September 9, 2019

Cyber Alert: Microsoft BlueKeep (CVE-2019-0708) Vulnerability

by: Align

Update for Microsoft BlueKeep (CVE-2019-0708) Vulnerability


Please take notice that on Friday, September 6th, 2019, the Metasploit Project added an exploit module for the vulnerability known as BlueKeep (CVE-2019-0708). 

Unlike the previous publicly released BlueKeep exploits, the recent release allows for remote-code execution. Although there are no reported attacks in the wild at this time, the Align team expects exploit attempts imminently. 

BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the following Microsoft Windows Operating Systems:

  • Windows 2000
  • Windows Vista
  • Windows XP
  • Windows 7
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled. BlueKeep is considered “wormable” because malware exploiting this vulnerability on a system could propagate to other vulnerable systems; thus, a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.

Security Recommendations

For more information, please contact Align Managed Services via email

- The Align Managed Services Team

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC