Brief introduction
CVE-2019-0708 (BlueKeep) is a remote code execution vulnerability in Windows Remote Desktop Services. It is comparable in severity to CVE-2017-0143 (EternalBlue) and affects certain older versions of Windows. The vulnerability is pre-authentication and requires no user interaction: an unauthenticated attacker who connects to the target system over RDP (commonly port 3389) and sends a specially crafted request can execute arbitrary commands on the target system. It can even be used by a malicious worm to spread to other machines within the network, similar to the 2017 outbreak of the WannaCry ransomware and other malware.
Affected systems
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
- Windows 2003
- Windows XP
Scanning the LAN for the vulnerability
Open Metasploit
msfconsole
Load the scanner module
use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
If this module is missing, update Metasploit to the latest version
msfupdate
Then configure the range of hosts to scan
set RHOSTS 192.168.18.1/24
Start the scan
exploit
If the output contains a line like
[+] 192.168.1.2:3389 - The target is vulnerable.
then this host is vulnerable.
Patch
I found a Windows 2003 machine on the local area network with this vulnerability. First download the patch from the URL below
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
After the download is complete, install it
After the installation is complete, restart the machine
Then rescan with Metasploit; the output looks like this
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > set RHOSTS 192.168.18.27
RHOSTS => 192.168.18.27
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) > exploit
[*] 192.168.18.27:3389 - The target is not exploitable.
[*] 192.168.18.27:3389 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/rdp/cve_2019_0708_bluekeep) >
Other affected systems can be patched in the same way
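A small remediation tracker for the scan and rescan above, added here as an example (it is not part of the original post or of Metasploit): it parses saved scanner output and reports which hosts flagged vulnerable in the first scan are fixed, still vulnerable, or missing from the rescan. It recognizes only the two result lines shown on this page; the function names and sample addresses are constructed for the example.

```python
import re

# Per-host result lines as shown on this page:
#   [+] 192.168.1.2:3389 - The target is vulnerable.
#   [*] 192.168.18.27:3389 - The target is not exploitable.
RESULT = re.compile(r"^\[[+*]\]\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+-\s+"
                    r"The target is (vulnerable|not exploitable)\.$")

def parse_scan(text):
    """Return {host: 'vulnerable' | 'not exploitable'} from saved scanner output."""
    results = {}
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        # Progress lines do not match; a vulnerable verdict is never overwritten.
        if m and results.get(m[1]) != "vulnerable":
            results[m[1]] = m[2]
    return results

def compare(before, after):
    """Classify every host that was vulnerable in the first scan."""
    report = {"remediated": [], "still_vulnerable": [], "not_rescanned": []}
    for host, verdict in sorted(before.items()):
        if verdict != "vulnerable":
            continue
        if host not in after:
            report["not_rescanned"].append(host)  # no verdict is not proof of a fix
        elif after[host] == "vulnerable":
            report["still_vulnerable"].append(host)
        else:
            report["remediated"].append(host)
    return report

# Constructed sample output (addresses are made up for this example).
BEFORE = """\
[+] 192.168.18.27:3389 - The target is vulnerable.
[+] 192.168.18.40:3389 - The target is vulnerable.
[+] 192.168.18.52:3389 - The target is vulnerable.
[*] 192.168.18.60:3389 - The target is not exploitable.
"""
AFTER = """\
[*] 192.168.18.27:3389 - The target is not exploitable.
[+] 192.168.18.40:3389 - The target is vulnerable.
[*] 192.168.18.27:3389 - Scanned 1 of 1 hosts (100% complete)
"""

if __name__ == "__main__":
    for status, hosts in compare(parse_scan(BEFORE), parse_scan(AFTER)).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A host listed under not_rescanned may simply have been offline or filtered during the rescan, so it stays on the patch list until a scan returns a verdict for it.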
Other preventive measures
- Disconnect from the network
- Turn off the Remote Desktop Connection service
Other related links
Alibaba Cloud security bulletin
https://help.aliyun.com/noticelist/articleid/1060000116.html?spm=a2c4g.789213612.n2.6.46be6141nusN1i
Microsoft vulnerability notice
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
Microsoft Security Update Guide
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Patches for systems that Microsoft no longer supports (such as Windows XP)
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
Attack payload
Sorry, I have not found one; otherwise it would be fun
You are welcome to follow my blog, Bboysoul: www.bboysoul.com
Have Fun
Reproduced in: https://my.oschina.net/u/3778921/blog/3059731