This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sarm_Chanatip
Collaborator
‎2019-06-23 09:12 PM

IPS protect CVE-2019-0708 (Bluekeep)

Hi guys!

 

I'm trying to test CVE-2019-0708 as a Vulnerability in Remote Desktop Services ("BlueKeep")

And found nothing that Check Point IPS blade will detect and protect of this Signature as it is.

BlueKeep-1.jpgBluekeep-2.jpg

 

Anyone have experience with this before?

 

Appreciate every comment.

 

Regards,

Sarm

0 Kudos
4 Replies
Omer_Shliva
Employee
Employee
‎2019-06-23 10:48 PM

Hi,

Did you follow the SK about allowing RDP inspection (sk154732)?

0 Kudos
Sarm_Chanatip
Collaborator
‎2019-06-24 06:01 AM
In response to Omer_Shliva

Hi Omer,

I have been trying to follow the SK as you provided but still be getting stuck at step 2, cannot export certificate and import it to checkpoint.

console certificate.jpg

 

Regards,

Sarm

0 Kudos
Omer_Shliva
Employee
Employee
‎2019-06-24 06:52 AM
In response to Sarm_Chanatip

Hi,

I suggest open a ticket to TAC.

0 Kudos
Sarm_Chanatip
Collaborator
‎2019-06-24 08:36 AM
In response to Omer_Shliva

Hi Omer

Thanks for suggestio, and yes I will do that.

But still confusing why we have to enable inspection for this signature as it's a vulnerability the IPS should see malicious data in the payload because this is not using SSL attack. Im not sure if I understand this behavior attack of vulnerability correclt.

Regards,
Sarm
0 Kudos