RDP Exploit Attempt - CVE-2019-0708

Remote Desktop is a built-in tool in Microsoft Windows that enables an authorized remote user to access a Windows system over a network as if they are at the local desktop. Leveraging the BlueKeep vulnerability, an attacker can gain full control over a Windows workstation or server, without needing a user account or privileged access. First, the attacker establishes a Remote Desktop session that includes the internal virtual channel, MS_T120. Virtual channels are extensions that add functionality to Remote Desktop. However, MS_T120 is rarely associated with a typical RDP session. After establishing a session, the attacker is then able to run arbitrary code that crashes or could fully compromise the device. Ultimately, the attacker can create administrator accounts; read, modify, or delete local data; run arbitrary commands and code; and launch additional attacks on the network from behind firewalls and other defensive measures. This vulnerability can also be leveraged by malware and be spread automatically as a worm.