Exploit for Use After Free in Microsoft
This repository is a PoC (Proof of Concept) scanner for the CVE-2019-0708 vulnerability, also known as "BlueKeep", which is a remote code execution (RCE) vulnerability in Microsoft Windows Remote Desktop Services. The scanner is a fork of the rdesktop client, a Remote Desktop Protocol client, and is...
A week in security (February 17 – 23)
Last week on Malwarebytes Labs, we highlighted the benefits and concerns of identity-as-a-service (IDaaS), an identity management scheme deployed from the cloud; reported on scammers and squatters taking advantage of Rudy Giuliani’s Twitter typos; and gave a high-level overview of RobbinHood, the...
BlueKeep Flaw Plagues Outdated Connected Medical Devices
While Microsoft issued patches for the infamous BlueKeep vulnerability almost a year ago, researchers warn that almost half of connected medical devices in hospitals run on outdated Windows versions that are still vulnerable to the Remote Desktop Protocol (RDP) flaw. Researchers said they found tha...
Spacelabs Xhibit Telemetry Receiver (XTR)
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely / Low skill level to exploit / Public exploits known. Vendor: Spacelabs. Equipment: Xhibit Telemetry Receiver. Vulnerability: Improper Input Validation. 2. RISK EVALUATION. A remote code execution vulnerability called BlueKeep (CVE-2019-0708)...
How to Use VMware Carbon Black’s Real-Time Endpoint Query to Identify BlueKeep Vulnerability Risk
Recently, security researchers revealed a Proof of Concept attack that leverages the BlueKeep vulnerability. Whenever this type of news breaks on the twittersphere, organizations are left with the question: "Are we susceptible to this type of attack?" Using CB LiveOps, a real-time endpoint query...
Biggest Malware Threats of 2019
One out of five computer users was subject to at least one malware-class web attack in 2019. This past year, cities such as New Orleans were under ransomware siege by the likes of the Ryuk malware. Zero-day vulnerabilities were also in no short supply, with targets such as Google Chrome and Operation...
Blue is a color we love but can’t Keep!
Recent reports this year revealed nearly 1 million computer systems are still vulnerable and exposed to BlueKeep in the wild. These systems are still easy targets for an unauthenticated attacker or malware to execute code leveraging this patchable vulnerability. Because so many systems are still...
2019: The year in malware
By Jon Munshaw. From ransomware attacks to DNS deception, attackers were just as active as ever in 2019. This year saw a number of big-name malware families come onto the scene, including Sea Turtle, one of the most high-profile DNS hijacking attempts in recent memory. BlueKeep also stirred up...
Exploit for Improper Input Validation in Microsoft
CVE-2019-0708 batch detection. 0x01 Preface. CVE-2019-0708 Windows RDP remote command execution vulnerability. On May 15, 2019, a high-severity vulnerability was disclosed in the Windows server family. The vulnerability affects a wide range of systems: Windows 2003, Windows 2008, Windows 2008 R2 and Windows XP are all exposed. The vulnerability is exploited over the Remote Desktop port 3389 using the RDP protocol...
Customer Guidance for the Dopplepaymer Ransomware
Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP BlueKeep, as ways in which this malware spreads. Our security research teams have investigated and...
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47683.zip import rdp import socket import binascii import time def poolspray(s, crypter, payload): times = 10000 count = 0 while count < times: count += 1 print 'time through %d' % count try:...
Microsoft Windows 7 (x86) - (BlueKeep) RDP Remote Windows Kernel Use After Free Exploit
EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def poolspray(s, crypter, payload): times = 10000 count = 0 while count < times: count += 1 print 'time through %d' % count try:...
Microsoft Windows 7 (x86) - BlueKeep Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47683.zip import rdp import socket import binascii import time def poolspray(s, crypter, payload)...
This Week in Security News: APT33 Botnets Used for Extreme Narrow Targeting and Microsoft’s Patch Tuesday Arrives with A Patch for An IE Zero-Day
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the APT33 threat group that is using live C&C servers for extremely narrow targeting. Also, read about Trend Micro’s complete...
Wild Blue Yonder: VMware Carbon Black ThreatSight Dissects BlueKeep Windows Exploit
VMware Carbon Black’s ThreatSight (TS) team monitors customer environments to detect and alert on new and emerging threats. Recently, ThreatSight detected malicious behavior that leveraged several attack vectors, including one of the first known uses of the newly released BlueKeep Windows exploit i...
Microsoft works with researchers to detect and protect against new RDP exploits
On November 2, 2019, security researcher Kevin Beaumont reported that his BlueKeep honeypot experienced crashes and was likely being exploited. Microsoft security researchers collaborated with Beaumont as well as another researcher, Marcus Hutchins, to investigate and analyze the crashes and...
BlueKeep Attacks Observed Months after Initial Release
The BlueKeep vulnerability, initially disclosed in May 2019, is currently being exploited in the wild. Cybersecurity researchers have spotted the first attacks exploiting the BlueKeep RDP vulnerability. Here's a reminder about BlueKeep and instructions for using Qualys to identify attacks and remediate this...
BlueKeep Attacks Have Arrived, Are Initially Underwhelming
The wave of BlueKeep attacks that security experts predicted could take down systems globally has arrived, but it is not showing the form or the destructive impact experts initially feared. Security researchers have seen evidence of the first wave of attacks on the zero-day Windows Remote...
The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...