Shulou(Shulou.com)06/01 Report--

Bluekeep vulnerability CVE-2019-0708 exploit example analysis, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this can learn, I hope you can gain something.

0x00: Introduction

MSF updated the CVE-2019-0708 exploit module, which is used under MSF, but according to official indications, the module only targets 64-bit Win7 systems and Server 2008 R2, but there are specific conditions for vulnerabilities in Server 2008 R2.

0x00: Environment

https://github.com/rapid7/metasploit-framework/pull/12283? from=timeline&isappinstalled=0

0x02: Successful screenshot

Win 7(64 bit) Demo

0x03: Emergency measures

Official patch:

1. Microsoft has officially released security updates. Please refer to the following official security notices to download and install the latest patches:

https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

II.

Mitigation:

1. If the patch cannot be updated, the vulnerability risk can be temporarily circumvented by enabling NLA (Network Level Authentication) on the system.

2. Firewall blocks TCP inbound 3389 connections at enterprise boundaries or allows only trusted IP connections.

3. If not explicitly requested, you can choose to disable 3389 (Remote Desktop Services).

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.