[TOC]
描述:北京时间2019年5月15日,Windows再次被曝出一个破坏力巨大的高危远程漏洞CVE-2019-0708。 危害:
影响范围:
漏洞监测:360Vulcan Team Windows远程桌面协议漏洞的检测程序
#下载的脚本放入msf对应的目录之下,之后msfconle下reload_all
MSF模块:https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
c:\detector>0708detector.exe -t 192.168.91.138(要测试的目标IP) -p 3389(目标端口,一般都是3389)
a) 若目标存在漏洞
[!] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[!] !!!!!!WARNING: SERVER IS VULNERABLE!!!!!!!
[!] !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
b) 若目标系统已经开启NLA
[!] Socket : recv error with -1 return
[!] Recv server TPDU req Failed
[*] Detect NLA enable! Server likely NOT vulnerable
c) 若目标系统已经进行补丁修复
[+] Start 2nd stage detection.
[+] Connecting to RDP server.
[+] Establish connection with RDP server successful.
[*] Server likely NOT vulnerable
修复建议: