This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Yossi_Hasson
Employee Alumnus
Employee Alumnus
‎2019-05-28 12:19 AM

[Breaking News] SandBlast Agent Protects Against BlueKeep RDP Vulnerability (CVE-2019-0708)!

Critical Vulnerability in Windows OS - Code execution using Remote Desktop Protocol (CVE-2019-0708)

 

SandBlast Agent is the First Endpoint Security Solution to

Protect Against BlueKeep RDP Vulnerability! 

 

Recently, a security advisory was released for a vulnerability in RDP (Remote Desktop Protocol) affecting multiple Windows Operating Systems prior to 8.1. According to Microsoft’s advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708, this vulnerability can be exploited for both remote code execution and denial of service attacks. All this without needing the credentials of the target machine.

Check Point’s SandBlast Agent Anti-Exploit now monitors the RDP service for both Windows 7 and Windows 2008R2 and is able to prevent this attack from occurring. Not only ןד SandBlast Agent able to prevent the exploit from being delivered on unpatched systems, but it is also able to prevent the exploit from being delivered to the previously vulnerable driver in patched systems.

The protection is available in SandBlast Agent's E80.97 Client Version (Can be downloaded from sk154432).

To see Anti-Exploit’s protection in action please see the following video, where our Threat Research Group’s POC used for exploitation is blocked. In addition, you can also see how we are able to block the scan of the Metasploit module that was recently developed to identify vulnerable systems.

Video 1: SandBast Agent protects against Check Point's Threat Research group BlueKeep based exploit:

(view in My Videos)

Video 2: SandBast Agent protects against Metasploit module developed to identify vulnerable systems:

(view in My Videos)

SandBlast Agent BlueKeep Event Forensics Report:

BK.jpg

To learn more about SandBlast Agent's Anti-Exploit protection of BlueKeep, see: sk154232 - Anti-Exploit Protection for Remote Desktop Protocol Vulnerability (CVE-2019-0708)
Note: Users who run SandBlast Agent with a third party Anti-Virus (AV) should be aware that Anti-Exploit is turned off in the presence of third party AVs. For this protection to be enabled, you must allow Anti-Exploit to work with third party AVs as detailed in sk154454 - Enabling Anti-Exploit when deployed with a third party Anti-Virus.
0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events