NIC-CERT/2019-08/EA-1
Dated: 14-08-2019
CVE ID: CVE-2019-0708, CVE-2019-9506, CVE-2019-0736, CVE-2019-1188, CVE-2019-0720, CVE-2019-0965
Severity: Critical
Advisory for Critical Microsoft Vulnerabilities
On 13-Aug-2019, Microsoft released patches for some highly critical vulnerabilities in Windows
OS, which can be exploited by attackers to execute arbitrary code without requiring any user
interaction, similar to the EternalBlue exploit which was used to spread WannaCry ransomware.
These vulnerabilities are highly critical and action should be taken immediately to avoid any
security compromise.
Details of Vulnerabilities
CVE-2019-0708 :
This vulnerability is referred to as the BlueKeep vulnerability. It can be exploited by an
unauthenticated attacker by connecting to a target system through RDP using specially crafted
requests. It requires no user interaction for exploitation. An attacker who successfully
exploited this vulnerability could execute arbitrary code on the target system. BlueKeep primarily
affects older versions of Windows OS like XP, Vista, 7, Server 2003, Server 2008. The patch for this
vulnerability was released in May 2019.
CVE-2019-9506 :
This is a key negotiation vulnerability at the hardware specification level for all Bluetooth Classic
devices. It could allow an attacker within Bluetooth range to negotiate the offered key length down
to 1 byte of entropy, from a maximum of 16 bytes, thus interfering with the device's
transmissions.
CVE-2019-0736:
This vulnerability exists in the DHCP client that impacts every supported Microsoft OS. The flaw
could allow code execution if an attacker sends a specially crafted packet to an affected client.
No user interaction or authentication is required to exploit this vulnerability.
CVE-2019-1188 :
This vulnerability involves the parsing of LNK files (i.e., shortcuts). This vulnerability could allow an
attacker to automatically run a malicious binary against a target, and it can spread inside a network
through file shares.
CVE-2019-0720 and CVE-2019-0965 :
These 2 vulnerabilities are related to Hyper-V and Hyper-V Network Switch. By exploiting these
vulnerabilities an authenticated user on a guest system can run arbitrary code on the host system.
Recommended Action
Immediately apply the latest updates/patches on all machines (i.e., desktops, laptops,
servers, etc.) running on Windows OS.
Disable Remote Desktop Services and other services which are not being used, and block
RDP port 3389 at perimeter level.
If RDP is required to be used, then enable Network Level Authentication (NLA) and restrict
RDP access to VPN IPs only.
Ensure that the OS, firmware and other software packages are updated with the latest
updates/patches.
Before rolling out the updates/patches in a production environment, it is highly recommended
to test them in a staging environment for any issues.
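The RDP recommendations above can be checked per host. The following is an added example, not part of the original advisory: a read-only PowerShell audit that reports whether RDP is enabled, whether NLA is required, and which inbound firewall rules open the RDP port. The function name is hypothetical, and it assumes Windows 8 / Server 2012 or later, where the NetTCPIP and NetSecurity cmdlets are available.

```powershell
# Added example (not from the advisory): read-only audit of the local host. Run elevated.
function Get-RdpHardeningStatus {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # A Group Policy value, when present, overrides the local setting.
    function Read-Setting([string]$LocalKey, [string]$Name) {
        foreach ($key in @($polKey, $LocalKey)) {
            $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { return $item.$Name }
        }
        return $null
    }

    $deny = Read-Setting $tsKey  'fDenyTSConnections'   # 1 = RDP connections refused
    $nla  = Read-Setting $rdpKey 'UserAuthentication'   # 1 = NLA required
    $port = [int](Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
    $rdpEnabled = ($deny -eq 0)
    $listening  = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules that open the RDP port, and which addresses they admit.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                RemoteAddress = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress) -join ','
            }
        })

    $findings = @()
    if ($rdpEnabled -and $nla -ne 1) { $findings += 'RDP is enabled without Network Level Authentication' }
    if (-not $rdpEnabled -and $listening) { $findings += "RDP is disabled in settings but TCP $port is still listening" }
    foreach ($r in $rules) {
        if ($rdpEnabled -and $r.RemoteAddress -eq 'Any') {
            $findings += "Firewall rule '$($r.Rule)' allows TCP $port from any address"
        }
    }

    [pscustomobject]@{
        RdpEnabled = $rdpEnabled; NlaRequired = ($nla -eq 1); Port = $port
        Listening  = $listening;  FirewallRules = $rules;     Findings = $findings
    }
}
Get-RdpHardeningStatus | Format-List
```

The script evaluates only the host's local firewall store and exact port matches; rules delivered by Group Policy, port ranges, and the perimeter block on 3389 have to be verified separately.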
References
1. https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182