Sarm_Chanatip
Collaborator

IPS protect CVE-2019-0708 (Bluekeep)

Hi guys!

 

I'm trying to test CVE-2019-0708, the vulnerability in Remote Desktop Services ("BlueKeep"),

and I found that the Check Point IPS blade does not detect or protect against this signature as it is.

[Attached screenshots: BlueKeep-1.jpg, Bluekeep-2.jpg]

 

Has anyone had experience with this before?

 

Appreciate every comment.

 

Regards,

Sarm

0 Kudos
4 Replies
Omer_Shliva
Employee

Hi,

Did you follow the SK about allowing RDP inspection (sk154732)?

0 Kudos
Sarm_Chanatip
Collaborator

Hi Omer,

I have been trying to follow the SK you provided, but I am still getting stuck at step 2: I cannot export the certificate and import it to Check Point.

[Attached screenshot: console certificate.jpg]

 

Regards,

Sarm

0 Kudos
Omer_Shliva
Employee

Hi,

I suggest opening a ticket with TAC.

0 Kudos
Sarm_Chanatip
Collaborator

Hi Omer,

Thanks for the suggestion, and yes, I will do that.

But I am still confused about why we have to enable inspection for this signature, as it's a vulnerability and the IPS should see malicious data in the payload, because this attack is not using SSL. I'm not sure if I understand the attack behavior of this vulnerability correctly.

Regards,
Sarm
0 Kudos