Worm-level vulnerability BlueKeep (CVE-2019-0708): exploit released

Source: www.myhack58.com (MYHACK58:62201995881)
Author: 佚名 (anonymous)
Published: 2019-09-07

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

On the morning of September 7, just as Shanghai's continuous rain finally cleared, a "storm" swept through social-media feeds: an exploit for BlueKeep (CVE-2019-0708), a vulnerability described as WannaCry-level, had been released.

Metasploit announced on its blog and on Twitter that it has officially integrated an exploit module for CVE-2019-0708, also known as BlueKeep. The initial version currently applies only to 64-bit versions of Windows 7 and Windows 2008 R2, but its release is itself a threat signal: potential attackers have already begun to pay attention to it, and as the module is updated, the full impact of the BlueKeep vulnerability will gradually become apparent.

Many security researchers and labs have already reproduced the vulnerability, further confirming that the exploit works. Note that the exploit can easily cause the target system to blue-screen, interrupting service. Red teams and other testers are advised to assess how critical a system is before testing and to proceed with caution.

About BlueKeep (CVE-2019-0708)

On May 15 (GMT), Microsoft released a fix for the Remote Desktop Services remote code execution vulnerability CVE-2019-0708. The vulnerability is triggered without any user interaction, which means an attacker could use it to build a worm similar to WannaCry, which swept the world in 2017, and cause large-scale spread and damage.

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker only needs to send a malicious request over RDP to the Remote Desktop service on the target system.

Timeline of this vulnerability:

1. May 14, 2019
   Microsoft released a security advisory and the corresponding patch for the Remote Desktop Services remote code execution vulnerability CVE-2019-0708, along with a dedicated note warning that this is a serious vulnerability that could lead to worm propagation.
2. May 15, 2019
   The Douxiang (斗象) smart security platform published early-warning information and a response plan; vulnerability detection tools then went live on the platform's ARS/PRS.
3. May 23, 2019
   A PoC program with non-destructive vulnerability scanning capability appeared in public Internet channels.
4. May 25, 2019
   Hackers began large-scale scanning for vulnerable devices.
5. May 30, 2019
   Microsoft again issued a reminder to patch CVE-2019-0708 and, given the severity of the vulnerability, strongly recommended that users update as soon as possible.
6. May 31, 2019
   PoC code that causes a blue screen appeared in public Internet sources; the Douxiang security emergency response team confirmed that the PoC code works.
7. June 8, 2019
   The commercial version of Metasploit began to provide an exploit module capable of remote code execution.
8. July 31, 2019
   The commercial exploit kit Canvas added a CVE-2019-0708 exploit module.
9. September 7, 2019
   A Metasploit CVE-2019-0708 exploit module was released through public channels, constituting a real worm threat.

Vulnerability impact

An attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Affected scope

Product: Windows operating systems
Versions:
- Windows 7
- Windows Server 2008 R2
- Windows Server 2008
- Windows Server 2003 (no longer maintained)
- Windows XP (no longer maintained)
Component: Remote Desktop Services

Solution

Official patch
- Update through the Automatic Update feature of the Windows operating system.
- Alternatively, download and install the patch for your system version from the list at the end of this article.

Temporary mitigations
1. Disable Remote Desktop Services.
2. Block the Remote Desktop Services port (3389) at the firewall.
3. On Windows 7, Windows Server 2008, and Windows Server 2008 R2, enable Network Level Authentication (NLA).
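
To check a host against the patch and the three temporary mitigations above, the following read-only PowerShell audit can be run in an administrative session. It is an added example, not part of the original article; the KB IDs come from the download links on this page, and the helper name `Get-RegValue` and the verdict strings are made up for illustration.

```powershell
# Added example: read-only audit of the patch and temporary mitigations above.
# KB IDs are taken from the download links on this page. Later cumulative
# updates can also carry the fix, so a missing KB means "verify", not "vulnerable".
$kbFromPage = 'KB4499175', 'KB4499149', 'KB4499180'
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue([string]$Path, [string]$Name) {
    # Hypothetical helper: returns $null instead of throwing when the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Official patch: which of the page's updates are installed?
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $kbFromPage -contains $_.HotFixID } |
    ForEach-Object { $_.HotFixID })

# Mitigation 1: fDenyTSConnections = 1 means RDP connections are refused.
# A missing value is treated as "enabled" so the audit fails toward flagging.
$service    = Get-Service -Name TermService -ErrorAction SilentlyContinue
$rdpEnabled = (Get-RegValue $tsKey 'fDenyTSConnections') -ne 1

# Mitigation 2: the firewall block must match the port RDP really listens on.
$port = Get-RegValue $rdpKey 'PortNumber'

# Mitigation 3: UserAuthentication = 1 means NLA is required.
$nlaRequired = (Get-RegValue $rdpKey 'UserAuthentication') -eq 1

if (-not $rdpEnabled) {
    $verdict = 'RDP connections disabled'
} elseif ($installed.Count -gt 0) {
    $verdict = 'Patched (KB from page present)'
} elseif ($nlaRequired) {
    $verdict = 'NLA only: verify patch level'
} else {
    $verdict = 'EXPOSED: RDP on, no listed KB, NLA off'
}

New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    InstalledKBs = ($installed -join ',')
    TermService  = if ($service) { $service.Status } else { 'not found' }
    RdpEnabled   = $rdpEnabled
    RdpPort      = $port
    NlaRequired  = $nlaRequired
    Verdict      = $verdict
} | Select-Object Computer, Verdict, InstalledKBs, TermService, RdpEnabled, RdpPort, NlaRequired
```

Group Policy can override the NLA setting, and this script reads only the local RDP-Tcp value. NLA blocks unauthenticated attackers only, so a host reported as "NLA only" still needs the patch.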
Reference
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://github.com/rapid7/metasploit-framework/pull/12283?from=timeline&isappinstalled=0
Official patch download

Each operating system version below is followed by its patch download link:
Windows 7 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
Windows 7 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Embedded Standard 7 for x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Embedded Standard 7 for x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
Windows Server 2008 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu
Windows Server 2008 Itanium
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu
Windows Server 2008 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu
Windows Server 2008 R2 Itanium
