CVE-2019-0708 BlueKeep scanning and patching

Brief introduction

CVE-2019-0708 BlueKeep is a remote code execution vulnerability in Windows Remote Desktop Services. Its severity is comparable to CVE-2017-0143 EternalBlue, and it affects certain older versions of Windows. The vulnerability is pre-authentication and requires no user interaction. When an unauthenticated attacker connects to the target system over RDP (commonly port 3389) and sends a specially crafted request, they can execute arbitrary commands on the target system. A worm could even use it to spread to other machines within the network, similar to the WannaCry ransomware outbreak of 2017.

Affected systems

  • Windows 7
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 2003
  • Windows XP

Scanning the LAN for the vulnerability

Open Metasploit

msfconsole

Select the scanner module

use auxiliary/scanner/rdp/cve_2019_0708_bluekeep

If this module is missing, upgrade Metasploit to the latest version

msfupdate

Then configure the host range to scan

set RHOSTS 192.168.18.1/24

Start the scan

exploit

If the output contains a line like

[+] 192.168.1.2:3389 - The target is vulnerable.

then that host is vulnerable

Patch

I found a Windows 2003 machine on the local network that has this vulnerability. First, download the patch from the URL below

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

After the download completes, install it

After the installation completes, restart the machine

Then rescan with Metasploit; the output looks like this

msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set RHOSTS 192.168.18.27
RHOSTS => 192.168.18.27
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > exploit

[*] 192.168.18.27:3389    - The target is not exploitable.
[*] 192.168.18.27:3389    - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) >

Install the patch on other similar systems in the same way
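
With more than one host to track, the scan, patch and rescan comparison above can be checked mechanically. The following is an added example, not part of the original post: it parses saved scanner output in the format shown above and sorts every previously vulnerable host into fixed, still vulnerable, or unverified (no verdict line in the rescan). The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Status lines in the format the scanner prints on this page, e.g.
#   [+] 192.168.1.2:3389 - The target is vulnerable.
STATUS = re.compile(r"^\[(.)\]\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+-\s+(.*)$")

def parse_scan(text):
    """Map each host to 'vulnerable' or 'not_exploitable'; skip other lines."""
    hosts = {}
    for line in text.splitlines():
        m = STATUS.match(line.strip())
        if not m:
            continue  # prompts, RHOSTS echoes, blank lines
        flag, host, msg = m.groups()
        if flag == "+" and msg.startswith("The target is vulnerable"):
            hosts[host] = "vulnerable"  # a positive result always wins
        elif msg.startswith("The target is not exploitable"):
            hosts.setdefault(host, "not_exploitable")
    return hosts  # "Scanned N of M hosts" progress lines are ignored

def remediation_report(before, after):
    """Classify every host that was vulnerable in the first scan."""
    old, new = parse_scan(before), parse_scan(after)
    report = {"fixed": [], "still_vulnerable": [], "unverified": []}
    for host in sorted((h for h, s in old.items() if s == "vulnerable"),
                       key=ipaddress.ip_address):
        state = new.get(host)  # None: the rescan gave no verdict for this host
        bucket = {"not_exploitable": "fixed",
                  "vulnerable": "still_vulnerable"}.get(state, "unverified")
        report[bucket].append(host)
    return report

# Constructed sample output (not captured from a real scan).
BEFORE = """\
[+] 192.168.18.27:3389    - The target is vulnerable.
[+] 192.168.18.30:3389    - The target is vulnerable.
[+] 192.168.18.41:3389    - The target is vulnerable.
[*] 192.168.18.41:3389    - Scanned 3 of 3 hosts (100% complete)
"""
AFTER = """\
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > exploit
[*] 192.168.18.27:3389    - The target is not exploitable.
[+] 192.168.18.30:3389    - The target is vulnerable.
"""

if __name__ == "__main__":
    for bucket, hosts in remediation_report(BEFORE, AFTER).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A host that lands in "unverified" was offline or unreachable during the rescan and should be scanned again before it is counted as patched. Console output can be saved to a file for this purpose with the msfconsole spool command.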

Other preventive measures

  • Disconnect the machine from the network
  • Turn off the Remote Desktop Connection service

Related links

Alibaba Cloud security bulletin

https://help.aliyun.com/noticelist/articleid/1060000116.html?spm=a2c4g.789213612.n2.6.46be6141nusN1i

Microsoft vulnerability notice

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

Microsoft Security Update Guide

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Patches for systems Microsoft no longer supports (such as Windows XP)

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

Attack payload

Sorry, I have not found one; otherwise it would be fun

You are welcome to follow Bboysoul's blog: www.bboysoul.com

Have Fun

Reproduced from: https://my.oschina.net/u/3778921/blog/3059731

Origin blog.csdn.net/weixin_33670713/article/details/91373255