Microsoft recently released fixes for a critical remote code execution vulnerability in Remote Desktop Protocol Services (RDP) A remote unauthenticated attacker can exploit CVE-2019-0708 by sending crafted data to this internal channel. The vulnerability caught the attention of researchers and the media due to the fact that it was “wormable,” meaning an attack exploiting this vulnerability could easily spread from one machine to another. The following is a guide to set up RDP decryption on Cisco Firepower. This guide specifically applies to Windows Server 2008 instances (newer versions of Windows Server are not vulnerable to BlueKeep)”]
Source: https://blog.talosintelligence.com/2019/05/firepower-encrypted-rdp-detection.html

