ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708
Sourceptrules/open
Fileptopen-attacks.rules
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert tcp any any -> any !443 (msg:"ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708"; flow:established, from_server ; app-layer-protocol:!tls; stream_size:client, <, 3500 ; stream_size:server, <, 3000 ; content:"|17 03 01 01 d0|"; depth:5; flowbits:isset, BlueKeep.pkt12 ; flowbits:set, BlueKeep.pkt13 ; reference:cve, 2019-0708 ; reference:url, github.com/Ekultek/BlueKeep ; reference:url, rules.ptsecurity.com ; classtype:attempted-admin; sid:10004867; rev:6;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!