DejaBlue? Not again!

Updated on May 21, 2025

Microsoft has published seven new Windows vulnerabilities that originate, once again, in the Remote Desktop Protocol (RDP).

As the name hints, DejaBlue, like BlueKeep, has the potential to fuel a worm that may infect millions of PCs by leveraging an RDP vulnerability. One of the differences between the two is that while BlueKeep affects Windows 7 PCs and earlier, DejaBlue also affects everything after. In addition, it seems that DejaBlue may be easier to exploit than BlueKeep.


DejaBlue is actually a group of four new RDP vulnerabilities:

  • Windows 10 Version 1607.
  • Windows 10 Version 1703.
  • Windows 10 Version 1709.
  • Windows 10 Version 1803.
  • Windows 10 Version 1809.
  • Windows 10 Version 1903.
  • Windows 7.
  • Windows 8.1.
  • Windows RT 8.1.
  • Windows Server 2008 R2.
  • Windows Server 2012 (incl. Server Core installation).
  • Windows Server 2012 R2 (incl. Server Core installation).
  • Windows Server 2016 (incl. Server Core installation).
  • Windows Server 2019 (incl. Server Core installation).
  • Windows Server, version 1803 (Server Core installation).
  • Windows 10 Version 1803.
  • Windows 10 Version 1809.
  • Windows 10 Version 1903.
  • Windows Server 2019 (incl. Server Core installation).
  • Windows Server, version 1803 (Server Core installation).
  • Windows Server, version 1903 (Server Core installation).

All four CVEs were given a critical severity score of 9.8 and are believed to affect somewhere around 1 million machines.

The DejaBlue vulnerabilities are in the early stages of the RDP connection. The flaws precede the authentication phase, so no passwords or keys are needed to breach the system, and they can eventually lead to remote code execution.

In addition, CVE-2019-1181 and CVE-2019-1182 have the potential of being ‘wormable’, spreading inside the network, crossing between different internal networks and moving between internal and external networks. This, of course, adds another dimension of severity to DejaBlue.

DejaBlue Mitigation:

Besides obviously applying the latest Windows patches, there are two key components that can mitigate this vulnerability:

  1. Network Level Authentication (NLA): enable NLA on systems where RDP is enabled. This forces the connecting user to authenticate before the session is established with the server.
  2. RDP itself: use RDP gateways on the patched workstations to hold and authenticate requests for RDP sessions before external users are passed to your internal network.

** If you’re not using RDP, configure your firewall to block inbound traffic on TCP port 3389.
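
An added example (not from the original article or CalCom's product) that checks a host against the mitigations above: whether RDP is enabled, whether NLA is required, and whether the firewall allows RDP inbound. `Get-RdpExposure` and its `-EnforceNla` switch are hypothetical names; the registry values and cmdlets are standard Windows ones, and the firewall lookup assumes the English "Remote Desktop" rule group.

```powershell
# Added example: audit the local host against the RDP mitigations listed above.
function Get-RdpExposure {
    [CmdletBinding()]
    param([switch]$EnforceNla)   # hypothetical switch: turn NLA on when it is off

    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $gpo = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Read a DWORD, preferring the Group Policy value because it overrides the local one.
    function Read-Setting($Name, $LocalPath) {
        foreach ($path in $gpo, $LocalPath) {
            $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { return $item.$Name }
        }
    }

    $deny = Read-Setting 'fDenyTSConnections' $ts    # 0 = RDP allowed, 1 = denied
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
    $rdpEnabled = ($deny -eq 0)

    if ($EnforceNla -and $rdpEnabled -and (Read-Setting 'UserAuthentication' $tcp) -ne 1) {
        Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1   # needs elevation
    }
    # Re-read after any change: a policy value of 0 still wins over the local 1.
    $nlaRequired = ((Read-Setting 'UserAuthentication' $tcp) -eq 1)

    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)
    # Assumption: English rule group name; localized Windows uses a translated name.
    $fwAllows = [bool](Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    if (-not $rdpEnabled -and -not $fwAllows) { $finding = 'OK: RDP disabled and not allowed inbound' }
    elseif (-not $rdpEnabled) { $finding = 'Review: RDP disabled but an inbound allow rule is enabled' }
    elseif (-not $nlaRequired) { $finding = 'Fix: RDP enabled without NLA' }
    else { $finding = 'Review: RDP enabled with NLA; confirm it is needed and patched' }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        RdpEnabled     = $rdpEnabled
        NlaRequired    = $nlaRequired
        Port           = $port
        Listening      = $listening
        FirewallAllows = $fwAllows
        Finding        = $finding
    }
}

Get-RdpExposure | Format-List
```

Without `-EnforceNla` the function only reads settings, so it can be run across hosts to build an inventory before any policy is changed.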


But the most basic mitigation step might be the most complex one:

Disable RDP where it is not required. As simple as that! But is it?

Controlling configurations across your entire production environment is a pain. Deciding on the right policy and then enforcing it may lead to outages and severe harm to production. To deal with the complexity of enforcing a secure configuration policy, expensive and time-consuming lab testing needs to be performed. That often leads to a permissive security policy, such as enabling RDP when it is not required and enlarging the attack surface.

CHS by CalCom will automate the entire process for you, eliminating your concern for production outages. With CHS there’s no need for lab testing, and strict security policies can be easily and automatically implemented on the production environment.


Ben Balkin