IRONSMITHINTEL
CRITICALCVSS9.8
|
Actively Exploited
|CISA KEV|CVE-2019-0708|Auth: none — unauthenticated|Reboot: required|Manual only

KB4499149: Windows Server Security Update (May 2019)

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

Published May 16, 2019 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Use After Free (CWE-416) vulnerability in Microsoft Remote Desktop Services. A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

IT Security
Running windows 7: -; windows server 2008: -, r2; rapidpoint 500 firmware: v ≤ 2.3.2; agile controller-campus firmware: v100r002c00, v100r002c10; bh620 v2 firmware: v100r002c00; bh621 v2 firmware: v100r002c00; bh622 v2 firmware: v100r001c00; bh640 v2 firmware: v100r002c00; ch121 firmware: v100r001c00; ch140 firmware: v100r001c00; ch220 firmware: v100r001c00; ch221 firmware: v100r001c00; ch222 firmware: v100r002c00; ch240 firmware: v100r001c00; ch242 firmware: v100r001c00; ch242 v3 firmware: v100r001c00; e6000 firmware: v100r002c00; e6000 chassis firmware: v100r001c00; gtsoftx3000 firmware: v200r001c01spc100, v200r002c00spc300, v200r002c10spc100; oceanstor 18500 firmware: v100r001c30spc300; oceanstor 18800 firmware: v100r001c30spc300; oceanstor 18800f firmware: v100r001c30spc300; oceanstor hvs85t firmware: v100r001c00, v100r001c30spc200; oceanstor hvs88t firmware: v100r001c00, v100r001c30spc200; rh1288 v2 firmware: v100r002c00; rh1288a v2 firmware: v100r002c00; rh2265 v2 firmware: v100r002c00; rh2268 v2 firmware: v100r002c00; rh2285 v2 firmware: v100r002c00; rh2285h v2 firmware: v100r002c00; rh2288 v2 firmware: v100r002c00; rh2288a v2 firmware: v100r002c00; rh2288e v2 firmware: v100r002c00; rh2288h v2 firmware: v100r002c00; rh2485 v2 firmware: v100r002c00; rh5885 v2 firmware: v100r001c00; rh5885 v3 firmware: v100r003c00; smc2.0 firmware: v500r002c00, v600r006c00; seco vsm firmware: v200r002c00; uma firmware: v200r001c00, v300r001c00; x6000 firmware: v100r002c00; x8000 firmware: v100r002c20; elog firmware: v200r003c10; espace ecs firmware: v300r001c00
Fixed inKB4499149, KB4499164, KB4499175, KB4499180 (applies to 10 product versions)
Real-world incidentsWhat we've seen

Used in known ransomware campaigns. Threat-research write-up: http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB4499149

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

    1
    KB4499149 — https://support.microsoft.com/help/4499149
    1
    KB4499164 — https://support.microsoft.com/help/4499164
    1
    KB4499175 — https://support.microsoft.com/help/4499175
    1
    KB4499180 — https://support.microsoft.com/help/4499180

Supersedes: KB4493471, KB4493472

Affected Products

    1
    Windows 7 for 32-bit Systems Service Pack 1
    1
    Windows 7 for x64-based Systems Service Pack 1
    1
    Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
    1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    1
    Windows Server 2008 for 32-bit Systems Service Pack 2
    1
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    1
    Windows Server 2008 for Itanium-Based Systems Service Pack 2
    1
    Windows Server 2008 for x64-based Systems Service Pack 2
    1
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Installation Methods

Windows Update (recommended)

1
Settings → Windows Update → Check for updates
2
The security update is offered if your system is in scope
3
Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

1
Open https://catalog.update.microsoft.com
2
Search for KB4499149
3
Download the package matching your OS architecture and Windows build
4
Run the .msu installer with administrator privileges
5
Restart when prompted

WSUS / SCCM / Intune

Approve KB4499149 for the affected products in your update management console.

Microsoft Download Center Links

    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499149
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499164
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499175
    1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4499180

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB4499149','KB4499164','KB4499175','KB4499180') }

References

    1
    Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
    1
    KB article: https://support.microsoft.com/help/4499164
    1
    KB article: https://support.microsoft.com/help/4499180
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-0708
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708

Discovery Credit

The UK's National Cyber Security Centre (NCSC)

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2019-0708MSRC AdvisoryNVDKBKB4499149