CVE-2019-0708

CVE Database · CVE-2019-0708

CVE-2019-0708

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

100.00%

Published

May 16, 2019

Modified

Oct 29, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (13)

All weaponized →

Exploit-DBMicrosoft Windows Remote Desktop - 'BlueKeep' Denial of Service Exploit-DBMicrosoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)Exploit-DBMicrosoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)Exploit-DBMicrosoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free TrickestTrickest PoC index GitHub PoCEkultek/BlueKeep★1184 GitHub PoCrobertdavidgraham/rdpscan★919 GitHub PoCn1xbyte/CVE-2019-0708★496 GitHub PoCk8gege/CVE-2019-0708★390 GitHub PoCalgo7/bluekeep_CVE-2019-0708_poc_to_exploit★344 GitHub PoCcbwang505/CVE-2019-0708-EXP-Windows★319 GitHub PoC0xeb-bp/bluekeep★293 GitHub PoCCyb0r9/ispy★242

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (139)

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable

siemens · axiom_multix_m_firmwarevulnerable

siemens · axiom_multix_m

siemens · axiom_vertix_md_trauma_firmwarevulnerable

siemens · axiom_vertix_md_trauma

siemens · axiom_vertix_solitaire_m_firmwarevulnerable