
Remote Desktop Services CVE-2019-0708

Severity: CRITICAL 9.8 (CVSS 3.1 · NVD)
Weakness: Use After Free (CWE-416)
2019-05-16 secure@microsoft.com

Severity by source

NVD (primary): 9.8 CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (5 events)

Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Added to CISA KEV: Oct 29, 2025 - 14:45 (cisa)
PoC Detected: Oct 29, 2025 - 14:45 (vuln.today), public exploit code
Patch released: Oct 29, 2025 - 14:45 (nvd), patch available
CVE Published: May 16, 2019 - 19:29 (nvd), CRITICAL 9.8

Description (CVE.org)

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Analysis (AI)

Remote Desktop Services contains a pre-authentication remote code execution vulnerability known as 'BlueKeep' that allows unauthenticated attackers to execute code via crafted RDP requests, with wormable potential rivaling EternalBlue.

Technical Context (AI)

The CWE-416 use-after-free in the RDP protocol's channel handling occurs when a crafted connection request triggers improper handling of channel bindings. The vulnerability exists before authentication, meaning any system with RDP exposed can be exploited without credentials. The flaw is in the kernel-mode rdpwd.sys driver, providing SYSTEM-level code execution.

Affected Products (AI)

Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista SP2
Microsoft Windows Server 2008 SP2/R2 SP1
Microsoft Windows 7 SP1

Remediation (AI)

Apply the Microsoft security update immediately. Enable Network Level Authentication (NLA) as a partial mitigation. Disable RDP where it is not needed. Use a VPN or jump servers for remote access instead of exposing RDP directly. Windows 8+ and Server 2012+ are not affected.
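The remediation items above can be checked on a host with a read-only script. This is an added example, not code from vuln.today or Microsoft; the function names are hypothetical, and the KB id for the host's OS is an operator-supplied parameter taken from the Microsoft advisory (none is listed on this page).

```powershell
# Added example: read-only local check for CVE-2019-0708 exposure.
param([string]$PatchKb)   # assumption: KB id supplied by the operator

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent (for example no NLA value set)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdsExposure([string]$Kb) {
    $ver = [Environment]::OSVersion.Version
    # Windows 8 / Server 2012 report 6.2; the page lists those and later as not affected
    $affectedOs = $ver -lt [Version]'6.2'

    $deny = Get-RegValue $tsKey  'fDenyTSConnections'   # 1 = RDP connections refused
    $nla  = Get-RegValue $rdpKey 'UserAuthentication'   # 1 = NLA required
    $port = Get-RegValue $rdpKey 'PortNumber'

    $rdpEnabled = ($deny -ne 1)   # a missing value is treated as enabled (conservative)
    $nlaEnabled = ($nla -eq 1)    # Group Policy overrides are not inspected here

    # A later rollup may supersede the KB, so $false is not proof the fix is missing
    $patched = $null
    if ($Kb) { $patched = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue) }

    if (-not $affectedOs)       { $finding = 'OS version outside the affected range' }
    elseif ($patched -eq $true) { $finding = 'Security update found' }
    elseif (-not $rdpEnabled)   { $finding = 'RDP disabled; confirm the security update' }
    elseif ($nlaEnabled)        { $finding = 'Partially mitigated by NLA; confirm the security update' }
    else                        { $finding = 'RDP enabled without NLA; update, enable NLA or disable RDP' }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; OSVersion = $ver.ToString()
        AffectedOS = $affectedOs; RdpEnabled = $rdpEnabled; NlaEnabled = $nlaEnabled
        Port = $port; UpdateFound = $patched; Finding = $finding
    }
}

Get-RdsExposure -Kb $PatchKb
```

The script avoids PowerShell 3.0+ syntax so it also runs on the PowerShell 2.0 that ships with Windows 7 and Server 2008 R2.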
