CVE-2024-38077 PoC — Microsoft Remote Desktop Client 安全漏洞

Source

https://github.com/atlassion/CVE-2024-38077-check

Associated Vulnerability

Title:Microsoft Remote Desktop Client 安全漏洞 (CVE-2024-38077)
Description:Microsoft Remote Desktop Client是美国微软（Microsoft）公司的一款远程桌面客户端。 Microsoft Remote Desktop Client存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响：Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core install

Description

基于135端口检测目标是否存在CVE-2024-38077漏洞

Readme

# CVE-2024-38077_check
基于135端口检测目标是否存在CVE-2024-38077漏洞，需要目标机器防火墙未对135进行限制，如果目标开启RDL服务，则受该漏洞影响，如果目标服务器更新了补丁，进行RPC尝试连接该服务会返回 nca_s_fault_access_denied 。

注：2008、2012 补丁没打成功，所以不确定是不是返回 access_denied，图中已更新漏洞补丁的是 2016 和 2019 。

![image](https://github.com/user-attachments/assets/c196e80f-a99e-4606-a6cb-3b80f5adc3dd)

![image](https://github.com/user-attachments/assets/5a4e5dc0-8fd0-4e3d-a212-82c8535b4f95)

![打了补丁的包](https://github.com/user-attachments/assets/3369da81-bb3c-4df4-9ef6-1272733ddf51)

File Snapshot


 [4.0K]  /data/pocs/5e9e5e19e91ae9156f6b6d75ffb3bbcc6b7ea94a
├── [2.4K]  CVE-2024-38077_check.py
└── [ 724]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!