ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708 (pkt #12)
Sourceptrules/open
Fileptopen-attacks.rules
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert tcp any any -> any !443 (msg:"ATTACK [PTsecurity] Possible Bluekeep RDP exploit CVE-2019-0708 (pkt #12)"; flow:established, to_server ; app-layer-protocol:!tls; content:"|17 03 01 01 80|"; depth:5; flowint:JoinReq, >=, 7 ; flowbits:set, BlueKeep.pkt12 ; flowbits:noalert; reference:cve, 2019-0708 ; reference:url, github.com/Ekultek/BlueKeep ; reference:url, rules.ptsecurity.com ; classtype:attempted-admin; sid:10005400; rev:2;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!