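I. Basic Information for Vulnerability CVE-2019-0708
Vulnerability Information
# N/A

## Vulnerability Overview
A remote code execution vulnerability exists that can be exploited when an unauthenticated attacker connects to the target system via RDP and sends specially crafted requests. The service was formerly known as Terminal Services and is now called Remote Desktop Services.

## Affected Versions
No specific version information is provided.

## Vulnerability Details
An attacker can connect to the target system over the Remote Desktop Protocol (RDP) and send specially crafted requests, triggering the remote code execution issue.

## Impact
This vulnerability can be exploited by an unauthenticated attacker, leads to remote code execution, and poses a high threat.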
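Vulnerability Title
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability Description
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Source: US National Vulnerability Database (NVD)
CVSS Information
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability Category
N/A
Source: US National Vulnerability Database (NVD)
Vulnerability Title
Microsoft Remote Desktop Services Resource Management Error Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation (USA). Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Remote Desktop Services is a remote desktop service component of these systems. A resource management error vulnerability exists in Microsoft Remote Desktop Services. The vulnerability stems from improper management of system resources (such as memory, disk space, and files) by a network system or product. The following
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Category
Resource management error
Source: China National Vulnerability Database of Information Security (CNNVD)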
II. Public POCs for Vulnerability CVE-2019-0708
| # | POC description | Source link |
|---|---|---|
| 1 | proof of concept exploit for Microsoft Windows 7 and Server 2008 RDP vulnerability | https://github.com/hook-s3c/CVE-2019-0708-poc |
| 2 | A Win7 RDP exploit | https://github.com/SherlockSec/CVE-2019-0708 |
| 3 | CVE-2019-0708 | https://github.com/yetiddbb/CVE-2019-0708-PoC |
| 4 | CVE-2019-0708-exploit | https://github.com/p0p0p0/CVE-2019-0708-exploit |
| 5 | Using CVE-2019-0708 to Locally Promote Privileges in Windows 10 System | https://github.com/rockmelodies/CVE-2019-0708-Exploit |
| 6 | CVE-2019-0708 exp | https://github.com/anquanscan/CVE-2019-0708 |
| 7 | Dark Net Sunset New Release CVE-2019-0708 | https://github.com/xiyangzuishuai/Dark-Network-CVE-2019-0708 |
| 8 | CVE-2019-0708 | https://github.com/temp-user-2014/CVE-2019-0708 |
| 9 | Proof of concept exploit for CVE-2019-0708 | https://github.com/areusecure/CVE-2019-0708 |
| 10 | Testing my new bot out | https://github.com/pry0cc/cve-2019-0708-2 |
| 11 | POCexp:https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA extraction code: e2k8 | https://github.com/sbkcbig/CVE-2019-0708-EXPloit |
| 12 | EXPloit-poc: https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA extraction code: e2k8 | https://github.com/sbkcbig/CVE-2019-0708-EXPloit-3389 |
| 13 | CVE-2019-0708 | https://github.com/YSheldon/MS_T120 |
| 14 | Batch detection tool for the port 3389 Remote Desktop code execution vulnerability CVE-2019-0708 (Rdpscan Bluekeep Check) | https://github.com/k8gege/CVE-2019-0708 |
| 15 | exploit CVE-2019-0708 RDS | https://github.com/hotdog777714/RDS_CVE-2019-0708 |
| 16 | RDP POC | https://github.com/jiansiting/CVE-2019-0708 |
| 17 | PoC exploit for BlueKeep (CVE-2019-0708) | https://github.com/NullByteSuiteDevs/CVE-2019-0708 |
| 18 | sup pry0cc :3 | https://github.com/thugcrowd/CVE-2019-0708 |
| 19 | CVE-2019-0708 | https://github.com/blacksunwen/CVE-2019-0708 |
| 20 | None | https://github.com/infenet/CVE-2019-0708 |
| 21 | Totally legitimate | https://github.com/n0auth/CVE-2019-0708 |
| 22 | None | https://github.com/gildaaa/CVE-2019-0708 |
| 23 | CVE-2019-0708 EXPloit-poc. Vulnerability description: Microsoft urgently released a security patch fixing a remote code execution vulnerability in Windows Remote Desktop Services, CVE-2019-0708, which affects certain older versions of Windows. The vulnerability is pre-authentication and requires no user interaction. When an unauthenticated attacker connects to the target system using RDP (commonly port 3389) and sends specially crafted requests, arbitrary commands can be executed on the target system. It can even spread as a malicious worm and infect other machines on the internal network, similar to ransomware such as WannaCry, which broke out in 2017. Vulnerability rating: CVE-2019-0708, Critical. Security advice: 1. Windows 7 and Windows Server 2008 users should promptly install the official security patch: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4499175 2. Windows 2003 and Windows XP users should promptly upgrade the system version or install the official patch: https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708 CVE-2019-0708 EXPloit-poc affected versions: Windows7, XP, Windows 2003, Windows Server 2008, Windows Server 2008 R2. EXPloit-poc: https://pan.baidu.com/s/184gN1tJVIOYqOjaezM_VsA extraction code: e2k8 | https://github.com/sbkcbig/CVE-2019-0708-Poc-exploit |
| 24 | None | https://github.com/HackerJ0e/CVE-2019-0708 |
| 25 | PoC about CVE-2019-0708 (RDP; Windows 7, Windows Server 2003, Windows Server 2008) | https://github.com/syriusbughunt/CVE-2019-0708 |
| 26 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | https://github.com/Barry-McCockiner/CVE-2019-0708 |
| 27 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | https://github.com/ShadowBrokers-ExploitLeak/CVE-2019-0708 |
| 28 | CVE-2019-0708 demo | https://github.com/safly/CVE-2019-0708 |
| 29 | None | https://github.com/Jaky5155/cve-2019-0708-exp |
| 30 | Powershell script to run and determine if a specific device has been patched for CVE-2019-0708. This checks to see if the termdd.sys file has been updated appropriately and is at a version level at or greater than the versions released in the 5/14/19 patches. | https://github.com/fourtwizzy/CVE-2019-0708-Check-Device-Patch-Status |
| 31 | POC for CVE-2019-0708 | https://github.com/303sec/CVE-2019-0708 |
| 32 | PoC for CVE-2019-0708 | https://github.com/f8al/CVE-2019-0708-POC |
| 33 | MSF batch inspection plugin for the CVE-2019-0708 vulnerability | https://github.com/blockchainguard/CVE-2019-0708 |
| 34 | LOL | https://github.com/yushiro/CVE-2019-0708 |
| 35 | It's only hitting vulnerable path in termdd.sys!!! NOT DOS | https://github.com/skyshell20082008/CVE-2019-0708-PoC-Hitting-Path |
| 36 | Announces fraud | https://github.com/ttsite/CVE-2019-0708- |
| 37 | Report fraud | https://github.com/ttsite/CVE-2019-0708 |
| 38 | Batch detection for the CVE-2019-0708 remote code execution vulnerability | https://github.com/biggerwing/CVE-2019-0708-poc |
| 39 | dump | https://github.com/n1xbyte/CVE-2019-0708 |
| 40 | High level exploit | https://github.com/freeide/CVE-2019-0708 |
| 41 | CVE-2019-0708 batch detection put together based on 360's program | https://github.com/edvacco/CVE-2019-0708-POC |
| 42 | My bot (badly written) to search and monitor cve-2019-0708 repositories | https://github.com/pry0cc/BlueKeepTracker |
| 43 | None | https://github.com/zjw88282740/CVE-2019-0708-win7 |
| 44 | Scanner PoC for CVE-2019-0708 RDP RCE vuln | https://github.com/victor0013/CVE-2019-0708 |
| 45 | Just a batch detection script built on the single-IP CVE-2019-0708 detection tool developed by 360Vulcan Team | https://github.com/herhe/CVE-2019-0708poc |
| 46 | cve-2019-0708 vulnerability scanner | https://github.com/l9c/rdp0708scanner |
| 47 | None | https://github.com/major203/cve-2019-0708-scan |
| 48 | Check vuln CVE 2019-0708 | https://github.com/SugiB3o/Check-vuln-CVE-2019-0708 |
| 49 | Goby support CVE-2019-0708 "BlueKeep" vulnerability check | https://github.com/gobysec/CVE-2019-0708 |
| 50 | Working proof of concept for CVE-2019-0708, spawns remote shell. | https://github.com/smallFunction/CVE-2019-0708-POC |
| 51 | CVE-2019-0708 PoC Exploit | https://github.com/freeide/CVE-2019-0708-PoC-Exploit |
| 52 | A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability. | https://github.com/robertdavidgraham/rdpscan |
| 53 | cve-2019-0708 poc . | https://github.com/closethe/CVE-2019-0708-POC |
| 54 | 50 first stargazers will get the tool via email | https://github.com/SQLDebugger/CVE-2019-0708-Tool |
| 55 | CVE-2019-0708 | https://github.com/Rostelecom-CERT/bluekeepscan |
| 56 | Only Hitting PoC [Tested on Windows Server 2008 r2] | https://github.com/Leoid/CVE-2019-0708 |
| 57 | Batch detection program that runs directly on Windows, based on 360's publicly released non-destructive detection tool | https://github.com/ht0Ruial/CVE-2019-0708Poc-BatchScanning |
| 58 | CVE-2019-0708 bluekeep vulnerability detection | https://github.com/oneoy/BlueKeep |
| 59 | None | https://github.com/infiniti-team/CVE-2019-0708 |
| 60 | None | https://github.com/haishanzheng/CVE-2019-0708-generate-hosts |
| 61 | Proof of concept for CVE-2019-0708 | https://github.com/Ekultek/BlueKeep |
| 62 | CVE-2019-0708 | https://github.com/UraSecTeam/CVE-2019-0708 |
| 63 | A quick scanner for the CVE-2019-0708 "BlueKeep" vulnerability. | https://github.com/Gh0st0ne/rdpscan-BlueKeep |
| 64 | An Attempt to Port BlueKeep PoC from @Ekultek to actual exploits | https://github.com/algo7/bluekeep_CVE-2019-0708_poc_to_exploit |
| 65 | None | https://github.com/JasonLOU/CVE-2019-0708 |
| 66 | CVE-2019-0708 batch blue-screen prank | https://github.com/AdministratorGithub/CVE-2019-0708 |
| 67 | CVE-2019-0708 - BlueKeep (RDP) | https://github.com/umarfarook882/CVE-2019-0708 |
| 68 | Python script to detect bluekeep vulnerability (CVE-2019-0708) with TLS/SSL and x509 support | https://github.com/HynekPetrak/detect_bluekeep.py |
| 69 | CVE-2019-0708 batch detection | https://github.com/Pa55w0rd/CVE-2019-0708 |
| 70 | CVE-2019-0708-PoC It is a semi-functional exploit capable of remotely accessing a Windows computer by exploiting the aforementioned vulnerability, this repository also contains notes on how to complete the attack. | https://github.com/at0mik/CVE-2019-0708-PoC |
| 71 | CVE-2019-0708-Msf-verification | https://github.com/cream-sec/CVE-2019-0708-Msf-- |
| 72 | Blue-screen PoC | https://github.com/ZhaoYukai/CVE-2019-0708 |
| 73 | Rewrite of an expert's 0708 blue-screen script, changed to batch blue-screen across a network segment | https://github.com/ZhaoYukai/CVE-2019-0708-Batch-Blue-Screen |
| 74 | None | https://github.com/wdfcc/CVE-2019-0708 |
| 75 | POC CVE-2019-0708 with python script! | https://github.com/cvencoder/cve-2019-0708 |
| 76 | None | https://github.com/ze0r/CVE-2019-0708-exp |
| 77 | Metasploit module for massive Denial of Service using #Bluekeep vector. | https://github.com/mekhalleh/cve-2019-0708 |
| 78 | CVE-2019-0708 Exploit Tool | https://github.com/cve-2019-0708-poc/cve-2019-0708 |
| 79 | Scanner PoC for CVE-2019-0708 RDP RCE vuln | https://github.com/andripwn/CVE-2019-0708 |
| 80 | Public work for CVE-2019-0708 | https://github.com/0xeb-bp/bluekeep |
| 81 | Collecting PoCs and exploits for CVE-2018-0708 found online (no exploit found so far) | https://github.com/ntkernel0/CVE-2019-0708 |
| 82 | rce exploit , made to work with pocsuite3 | https://github.com/dorkerdevil/Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708- |
| 83 | Research Regarding CVE-2019-0708. | https://github.com/turingcompl33t/bluekeep |
| 84 | None | https://github.com/fade-vivida/CVE-2019-0708-test |
| 85 | CVE-2019-0708 BlueKeep vulnerability batch scanning tool and PoC; for now it only causes a blue screen. | https://github.com/skommando/CVE-2019-0708 |
| 86 | Metasploit module for CVE-2019-0708 (BlueKeep) - https://github.com/rapid7/metasploit-framework/tree/5a0119b04309c8e61b44763ac08811cd3ecbbf8d/modules/exploits/windows/rdp | https://github.com/RickGeex/msf-module-CVE-2019-0708 |
| 87 | initial exploit for CVE-2019-0708, BlueKeep CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution. | https://github.com/wqsemc/CVE-2019-0708 |
| 88 | CVE-2019-0708RDP MSF | https://github.com/Micr067/CVE-2019-0708RDP-MSF |
| 89 | CVE-2019-0708 With Metasploit-Framework Exploit | https://github.com/FrostsaberX/CVE-2019-0708 |
| 90 | CVE-2019-0708 RCE remote code execution getshell tutorial | https://github.com/0x6b7966/CVE-2019-0708-RCE |
| 91 | CVE-2019-0708-EXP(MSF) Vulnerability exploit program for cve-2019-0708 | https://github.com/qing-root/CVE-2019-0708-EXP-MSF- |
| 92 | None | https://github.com/distance-vector/CVE-2019-0708 |
| 93 | CVE-2019-0708 vulnerability verification in C# | https://github.com/0xFlag/CVE-2019-0708-test |
| 94 | None | https://github.com/1aa87148377/CVE-2019-0708 |
| 95 | it works on xp (all version sp2 sp3) | https://github.com/coolboy4me/cve-2019-0708_bluekeep_rce |
| 96 | ispy V1.0 - Eternalblue(ms17-010)/Bluekeep(CVE-2019-0708) Scanner and exploit ( Metasploit automation ) | https://github.com/Cyb0r9/ispy |
| 97 | CVE-2019-0708 | https://github.com/lwtz/CVE-2019-0708 |
| 98 | None | https://github.com/ulisesrc/-2-CVE-2019-0708 |
| 99 | CVE-2019-0708 (BlueKeep) | https://github.com/worawit/CVE-2019-0708 |
| 100 | Mass exploit for CVE-2019-0708 | https://github.com/Ameg-yag/Wincrash |
| 101 | CVE-2019-0708-EXP-Windows edition, single-file exe; after running, it returns a SYSTEM-privileged shell directly in the current console | https://github.com/cbwang505/CVE-2019-0708-EXP-Windows |
| 102 | This article shares the Windows Remote Desktop Services vulnerability (CVE-2019-0708) and explains the vulnerability and its defensive measures in detail. As a newcomer to network security, the author shares some self-study basic tutorials, mainly online notes on security tools and hands-on practice, and hopes you like them. The author also hopes you will practice and improve together with them; later posts will study network security and system security in more depth and share related experiments. In short, the author hopes this series helps fellow bloggers; writing is not easy, so experts, please be gentle if it is not to your liking. Thank you! | https://github.com/eastmountyxz/CVE-2019-0708-Windows |
| 103 | CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7 | https://github.com/RICSecLab/CVE-2019-0708 |
| 104 | Scanner CVE-2019-0708 | https://github.com/JSec1337/Scanner-CVE-2019-0708 |
| 105 | CVE-2019-0708 vulnerability testing and exploitation | https://github.com/nochemax/bLuEkEeP-GUI |
| 106 | None | https://github.com/AaronCaiii/CVE-2019-0708-POC |
| 107 | Scan through given ip list | https://github.com/DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit |
| 108 | None | https://github.com/go-bi/CVE-2019-0708-EXP-Windows |
| 109 | POC-CVE-2019-0708 | https://github.com/CircuitSoul/CVE-2019-0708 |
| 110 | None | https://github.com/pywc/CVE-2019-0708 |
| 111 | None | https://github.com/bibo318/kali-CVE-2019-0708-lab |
| 112 | None | https://github.com/lisinan988/CVE-2019-0708-scan |
| 113 | CVE-2019-0708 DOS RDP | https://github.com/5l1v3r1/CVE-2019-0708-DOS |
| 114 | None | https://github.com/offensity/CVE-2019-0708 |
| 115 | MS CVE 2019-0708 Python Exploit | https://github.com/CPT-Jack-A-Castle/Haruster-CVE-2019-0708-Exploit |
| 116 | CVE-2019-0708, A tool which mass hunts for bluekeep vulnerability for exploitation. | https://github.com/Ravaan21/Bluekeep-Hunter |
| 117 | Checker and exploit for Bluekeep CVE-2019-0708 vulnerability | https://github.com/davidfortytwo/bluekeep |
| 118 | a simple tool to detect the exploitation of BlueKeep vulnerability (CVE-2019-0708) | https://github.com/tranqtruong/Detect-BlueKeep |
| 119 | CVE-2019-0708 Exploit With 100% Success Ratio You Can Pay a reasonable Price for my hard Time Gone For this exploit | https://github.com/jdouglas12a/CVE-2019-0708 |
| 120 | None | https://github.com/rasan2001/CVE-2019-0708 |
| 121 | None | https://github.com/adyanamul/Remote-Code-Execution-RCE-Exploit-BlueKeep-CVE-2019-0708-PoC |
| 122 | None | https://github.com/rasan2001/Microsoft-Remote-Desktop-Services-Remote-Code-Execution-Vulnerability-CVE-2019-0708 |
| 123 | CVE Exploitation Reports: CVE-2007-3280, CVE-2017-0144, CVE-2019-0708 | https://github.com/DenuwanJayasekara/CVE-Exploitation-Reports |
| 124 | None | https://github.com/hualy13/CVE-2019-0708-Check |
| 125 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Windows%20%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2%E6%9C%8D%E5%8A%A1%E6%BC%8F%E6%B4%9E%20CVE-2019-0708.md |
III. Intelligence Information for Vulnerability CVE-2019-0708