CVE-2019-0709

HIGH

Windows 10 and Windows Server 2016 - Remote Code Execution via Hyper-V Guest Input Validation

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-0709. PoCs published by YHZX2013, qq431169079, ciakim.

AI-analyzed exploit summary: This repository contains a Python-based exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Protocol (RDP). The provided code includes a crash exploit that targets the vulnerability, demonstrating the ability to trigger a denial-of-service condition.

Description

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Exploits (3)

nomisec WORKING POC 2 stars
by YHZX2013 · poc
https://github.com/YHZX2013/CVE-2019-0709

This repository contains a Python-based exploit for CVE-2019-0708 (BlueKeep), a critical RCE vulnerability in Microsoft's Remote Desktop Protocol (RDP). The provided code includes a crash exploit that targets the vulnerability, demonstrating the ability to trigger a denial-of-service condition.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Remote Desktop Services (RDP) on Windows 7, Windows Server 2008 R2, and Windows Server 2008
No auth needed
Prerequisites: Network access to the target system's RDP port (3389) · Target system must be vulnerable to CVE-2019-0708
mistral-large-3 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by qq431169079 · poc
https://github.com/qq431169079/CVE-2019-0709

This PoC exploits CVE-2019-0709 (BlueKeep) by sending maliciously crafted RDP packets to trigger a remote code execution vulnerability in Windows RDP services. The code constructs multiple PDU packets to exploit the flaw in the RDP protocol.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows RDP (pre-patch versions)
No auth needed
Prerequisites: Network access to target RDP port (3389) · Vulnerable Windows system (unpatched)
mistral-large-3 · analyzed Feb 16, 2026

nomisec SUSPICIOUS
by ciakim · poc
https://github.com/ciakim/CVE-2019-0709

The repository claims to be an exploit for CVE-2019-0709 but references CVE-2019-0708 throughout. It lacks actual exploit code and only contains a README with inconsistent CVE references and suspicious contact details.

Classification: Suspicious 70%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Windows RDP (claimed)
No auth needed
Prerequisites: none specified
mistral-large-3 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.6
EPSS: 0.0404
EPSS Percentile: 89.4%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-20
Status: published
Products (5):
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_server_2016
Published: Jun 12, 2019
Tracked Since: Feb 18, 2026