Exploiting Windows RDP Remote Code Execution – CVE-2019-0708

////Exploiting Windows RDP Remote Code Execution – CVE-2019-0708

Exploiting Windows RDP Remote Code Execution – CVE-2019-0708

A Critical vulnerability which can be more dangerous as WannaCry was found with Microsoft RDP and is tagged with CVE-2019-0708. The remote code execution vulnerability allows a non-authenticated attacker to execute system commands with administrator privileges. According to adversary released by Microsoft, this should be considered as highest priority and servers that are exposed over internet should be patched with immediate effect.

Generally Windows RDP (Remote desktop service or formerly known as terminal services) are being used world wide for controlling and managing windows systems worldwide. This even improves the criticalilty of the vulnerability, as a simple shodan search can leverage millions of servers.

Following are the links to adversary which Microsoft released its patches in its Patch Tuesday schedule.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Recommendation for fixing the vulnerability will include, blocking RDP, disabling it or patching the server with latest patch released.

Affected Microsoft platforms include:

  • Windows XP (all)
  • Windows 2003 (all)
  • Windows Server 2008 (32 bit SP2)
  • Windows Server 2008 (32 bit SP2 Server Core Installation)
  • Windows Server 2008 (Itanium-Based SP2)
  • Windows Server 2008 (64 bit SP2)
  • Windows Server 2008 (64 bit SP2 Server Core Installation)
  • Windows Server 2008 R2 (R2 for Itanium-Based Systems SP1)
  • Windows Server 2008 R2 (R2 for 64 bit Systems SP1)
  • Windows Server 2008 R2 (R2 for 64 bit Systems SP1 (Server Core Installation)
  • Windows 7 SP 1 (32 and 64 bit)

Windows 2003 (all) Windows Server 2008 (32 bit SP2) Windows Server 2008 (32 bit SP2 Server Core Installation) Windows Server 2008 (Itanium-Based SP2) Windows Server 2008 (64 bit SP2) Windows Server 2008 (64 bit SP2 Server Core Installation) Windows Server 2008 R2 (R2 for Itanium-Based Systems SP1) Windows Server 2008 R2 (R2 for 64 bit Systems SP1) Windows Server 2008 R2 (R2 for 64 bit Systems SP1 (Server Core Installation) Windows 7 SP 1 (32 and 64 bit)

A how to exploit tutorial will be soon published below.

By | 2019-05-16T11:34:29+05:30 May 16th, 2019|Penetration Testing, Web Applications|0 Comments

About the Author:

Leave A Comment