
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability (bluekeep)

Question asked by Jake VanMast on May 16, 2019
Latest reply on Jul 2, 2019 by Robert Dell'Immagine
Yesterday evening (15may2019) CVE-2019-0708 was removed from the May Security Update (QID=91529), in favor of its own QID=91534. Because of the change, we must wait for our subscription to come back into sync again; however, based on yesterday/today prelim numbers we are only seeing one flavor of this issue in our subscription, despite having a limited number of Server 2008 R2, SP2 hosts.
Wondering whether others are seeing only one flavor, or both?
Per the MS document below, there should be two main patch/flavors, labeled 1 & 2 below.
In our environment we see flavor #1, but not #2.
1. KB4499164 (monthly rollup) / KB4499175 (security only)  <-- Windows 7 / Server 2008 R2, SP1
2. KB4499149 (monthly rollup) / KB4499180 (security only)  <-- Server 2008 R2, SP2

### TAG=CVE-2019-0708-flav1
import java.util.regex.Matcher
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
if (asset.resultsForQid(91534L) =~ /(KB4499164|KB4499175)\s+/) {
  return true;
}
return false;
### TAG=CVE-2019-0708-flav2
import java.util.regex.Matcher
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
if (asset.resultsForQid(91534L) =~ /(KB4499149|KB4499180)\s+/) {
  return true;
}
return false;
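
An added example, not part of the original post: a Python harness that runs the two posted patterns over result text offline, next to a word-boundary variant. The `BOUNDED` patterns, the function names and every sample string are assumptions constructed for illustration; the real QID 91534 result layout is not shown on the page.

```python
import re

# Patterns copied from the two tag rules in the post. Groovy's `=~` inside an
# `if` succeeds on a partial match (Matcher.find), which re.search mirrors.
POSTED = {
    "CVE-2019-0708-flav1": re.compile(r"(KB4499164|KB4499175)\s+"),
    "CVE-2019-0708-flav2": re.compile(r"(KB4499149|KB4499180)\s+"),
}

# Variant (assumption, not from the post): word boundaries instead of mandatory
# trailing whitespace, so a KB at the end of the text or before punctuation
# still matches, while a longer number containing the KB digits does not.
BOUNDED = {
    "CVE-2019-0708-flav1": re.compile(r"\bKB(?:4499164|4499175)\b"),
    "CVE-2019-0708-flav2": re.compile(r"\bKB(?:4499149|4499180)\b"),
}


def tags_for(result_text, rules):
    """Return the sorted tag names whose pattern is found in the result text."""
    return sorted(tag for tag, rx in rules.items() if rx.search(result_text))


def compare(samples):
    """Map each sample name to (posted tags, bounded tags) to expose differences."""
    return {name: (tags_for(text, POSTED), tags_for(text, BOUNDED))
            for name, text in samples.items()}


# Constructed result strings (hypothetical, for testing the patterns only).
SAMPLES = {
    "kb_then_space": "KB4499175 is not installed",
    "kb_at_end": "Missing patch: KB4499180",
    "kb_then_period": "Missing: KB4499149.",
    "longer_number": "KB44991644 is not installed",
    "no_kb": "Patch status unavailable",
}

if __name__ == "__main__":
    for name, (posted, bounded) in compare(SAMPLES).items():
        print(f"{name:15} posted={posted} bounded={bounded}")
```

Pasting real result text for one Server 2008 host into `SAMPLES` shows whether the second rule fails on the pattern or because the KB number is absent from the result.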
