A similar Microsoft Windows vulnerability was released about 3 months after the K BlueKeep z (CVE-2019-0708) vulnerability, which was published in the Microsoft Patch Tuesday security bulletin on May 14, 2019.
This vulnerability, called ja DejaBlue ((CVE-2019-1181 / 1182), allows intruders to remotely run remote code via the Microsoft Windows RDP service. Similar to BlueKeep, which was published in May, and its recent release, it has given many people a “dejavu” and named it in this way. CVE codes of vulnerability are as follows;
It is known that vulnerability is caused by a problem in communication in the early stages of the connection. This can be exploited with specially crafted packages without requiring any user name and password.
When the vulnerability is exploited, the attacker will be able to execute any command, delete files, copy or perform other operations on the operating system without permission.
The exploit code or PoC code has not yet been published with limited information on vulnerability.
It is possible for such a critical (RCE) vulnerability to be orm wormable dahilinde in the examinations. With the release of the PoC code, the exploit code can be written or converted. If this type of vulnerability could be armed, an attack the size of “WannaCry abilir could occur.
Windows 10 Version 1607
Windows 10 Version 1703
Windows 10 Version 1709
Windows 10 Version 1803
Windows 10 Version 1809
Windows 10 Version 1903
Windows RT 8.1
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server, Version 1803
To resolve the vulnerability, the published update must be installed. You can reach these patches from the link below.
In addition, enabling Network Level Authentication (NLA) on RDP services is recommended as an additional security measure.