This blog was authored by Brandon Stultz

Using Firepower to defend against encrypted RDP attacks like BlueKeep

Microsoft recently released fixes for a critical pre-authentication remote code execution vulnerability in Remote Desktop Protocol Services (RDP). Identified as CVE-2019-0708 in May’s Patch Tuesday, the vulnerability caught the attention of researchers and the media because it was “wormable,” meaning an exploit for this vulnerability could easily spread from one machine to another.

Talos started reverse-engineering work immediately to determine how exactly RDP was vulnerable. Talos wrote and released coverage as soon as we were able to determine the vulnerability condition. SID 50137 for SNORT® correctly blocks exploitation of CVE-2019-0708 and scanning attempts that leverage this vulnerability.


