Shulou(Shulou.com)05/31 Report--

How to achieve Windows Remote Desktop Service remote command execution vulnerability analysis, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this to learn, I hope you can harvest.

I. Foreword

On August 14, 2019, Microsoft released a set of fixes for Remote Desktop Services, including two critical Remote Code Execution (RCE) vulnerabilities CVE-2019-1181 and CVE-2019-1182. Same as previously fixed "BlueKeep" vulnerability (CVE-2019-0708). This also means that attackers can exploit this vulnerability to create worms similar to WannaCry that swept the world in 2017 for large-scale dissemination and destruction.

II. Brief introduction of vulnerability

A remote code execution vulnerability in Remote Desktop Services (formerly Terminal Services) allows an attacker to execute arbitrary code on the target system when an unauthenticated attacker connects to the target system using RDP and sends a crafted request, which could then allow the attacker to install programs, view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would only need to send malicious requests to the target system Remote Desktop Service via RDP.

III. Vulnerability hazard

An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system and then install programs, view, change, or delete data; or create new accounts with full user rights.

IV. Scope of influence Products

Windows operating system

version

Windows 7 SP1

Windows Server 2008 R2 SP1

Windows Server 2012

Windows 8.1

Windows Server 2012 R2

All supported versions of Windows 10, including Server Version components

Remote Desktop Services

V. Official patch of repair scheme

Update via automatic update feature in Windows OS

Provisional resolution recommendations

Disable Remote Desktop Services

2. Block Remote Desktop Services port (3389) in the firewall

3. Enable network authentication on the server with Remote Desktop Services enabled

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.