It’s time to disconnect RDP from the internet.


Sampei.Nihira

Quote

While the BlueKeep (CVE-2019-0708) vulnerability has not, to date, caused widespread havoc, and we will be looking at the reasons why in this post, it is still very early in its exploitation life cycle. The fact remains that many systems are still not patched, and a thoroughly wormable version of the exploit might still be found. Because of these factors, ESET has created a free utility to check if a system is vulnerable...............

Quote

This program has been tested against 32-bit and 64-bit versions of Windows XP..............

 

https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

 

Unfortunately, the tool does not work for me.
Does anyone have the same problem?

 

xAyN8LDS_o.jpg

Edited by Sampei.Nihira


It works in Server 2003 x86, with all updates installed.

I get "your computer is safe, Microsoft security update is already installed"

I guess there are missing APIs in regular XP (MS messed up the resource tables, which is why the ctrl-c message appears in non-English editions). But you should be good as long as you installed the May updates.

Edited by win32

55 minutes ago, sparty411 said:

No go on my end with Windows XP 32 bit

... However, works OK on Windows Vista SP2 32-bit:

gViFrWx.jpg

As posted already, the devs themselves claim:

Quote

This program has been tested against 32-bit and 64-bit versions of Windows XP

:dubbio: It appears the app only checks for the presence (or absence) of a certain M$ update (for WS2008SP2 it's KB4499180); myself, I had already disabled some time ago the "Routing and Remote Access" Windows service... ;) ; also achievable via a GUI setting:

hu8D7h0.jpg

:P

Edited by VistaLover

It would work in XP x64 since it is Server 2003-derived. 2003 x86 can also be converted to XP but I don't think many people would go to the trouble of doing so.

Edited by win32

1 hour ago, VistaLover said:

... However, works OK on Windows Vista SP2 32-bit:

gViFrWx.jpg

As posted already, the devs themselves claim:

:dubbio: It appears the app only checks for the presence (or absence) of a certain M$ update (for WS2008SP2 it's KB4499180); myself, I had already disabled some time ago the "Routing and Remote Access" Windows service... ;) ; also achievable via a GUI setting:

hu8D7h0.jpg

:P

Me too.
But it is not enough; you must also check:

rqMjJJAi_o.jpg

Much more complicated to do the same with Windows 10.

Completely inhibiting Remote Access in Windows 10 is complicated.
But I know a tool that allows you to do everything in a very simple way.

__________________________________________

@to All

I can't understand why the tool doesn't work in my 32 bit XP..............:dubbio:

Edited by Sampei.Nihira

16 minutes ago, Sampei.Nihira said:

But it is not enough; you must also check:

rqMjJJAi_o.jpg

I don't have a "Remote Desktop" entry inside WFW's exceptions, only "Remote Assistance", which is not selected (and thus still blocked):

0NDAMVO.jpg

19 minutes ago, Sampei.Nihira said:

Much more complicated to do the same with Windows 10.

Isn't that the norm with Windows 10 :realmad: ? Every user-accessible setting that was fairly easy to locate in previous Windows versions has now been deeply buried/hidden behind a labyrinth of configuration wizards and clicks (which often get relocated anew with major Win10 semi-annual up(-de)grades) ... :angry:

23 minutes ago, Sampei.Nihira said:

I can't understand why the tool doesn't work in my 32 bit XP

Have you checked it with Dependency Walker yet? Besides, since it checks for installed Windows Updates, it probably needs Admin privileges, so better run from within an Administrator's account... :dubbio:


Home Edition doesn't even include an option to enable it! There is no real way of getting brute-force attacked or hacked via RDP on a consumer computer, as long as it has it disabled =p

Tested the tool on my Server, said it was all good :)


2 hours ago, VistaLover said:

I had already disabled some time ago the "Routing and Remote Access" Windows service... ;)

I also have that service disabled, but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability. (I have avoided KB4499180 in order to retain build 6.0.6002.)

If the tool doesn't work on Windows XP, users should check to see if they installed KB4500331.


10 minutes ago, Vistapocalypse said:

I also have that service disabled, but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability. (I have avoided KB4499180 in order to retain build 6.0.6002.)

If the tool doesn't work on Windows XP, users should check to see if they installed KB4500331.

I installed that update (May 2019).

@VistaLover

I launched the exe from an administrative account.

I suspect that the tool needs the .NET Frameworks that are not installed on my PC.

_____________________________________________________________________

But now it's late, good evening to all.:hello:

 

Edited by Sampei.Nihira

1 hour ago, Vistapocalypse said:

but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability.

I just simply followed the provided instructions there,

H5Kt97t.jpg

hence my previous screengrab in this thread ;) ...

Thanks for your concern, though... :)

 

Edited by VistaLover

1 hour ago, Sampei.Nihira said:

I suspect that the tool needs the .NET Frameworks that are not installed on my PC.

... More likely it needs the latest MS Visual C++ Redistributable, together with Win10 Universal CRT (KB2999226); but I'm sure you'll find the cause in due course... :)

Edited by VistaLover

1 hour ago, VistaLover said:

I just simply followed the provided instructions there,

H5Kt97t.jpg

I do see your point. However, CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability only mentions one mitigation.

Quote

The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Services disabled:

1. Disable Remote Desktop Services if they are not required.

If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.

 

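The checks the posts above do by hand (is the update present, is Remote Desktop refused, is the Terminal Services service enabled, is the RDP port listening), gathered in one script. This is an added example, not part of the original thread and not ESET's tool; it assumes PowerShell 2.0 or later, the function name `Get-RdpExposure` is hypothetical, and the KB list holds only the two updates named in this thread.

```powershell
# Added example, not ESET's code. Works on PowerShell 2.0 and later.
# KB IDs are the two named in this thread (Vista/WS2008 SP2 and XP);
# extend the list for other Windows versions.
$PatchKBs = 'KB4499180', 'KB4500331'

function Get-RdpExposure {
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # Patch state: which of the listed updates are installed.
    $found = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PatchKBs -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    # fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
    $deny = (Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue).fDenyTSConnections

    # Terminal Services / Remote Desktop Services runs as the TermService service.
    $svc = Get-WmiObject Win32_Service -Filter "Name='TermService'"

    # Configured RDP port (3389 unless changed in the registry).
    $port = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -ErrorAction SilentlyContinue).PortNumber
    if (-not $port) { $port = 3389 }

    # A listening TCP socket shows a foreign address ending in ":0"; matching on
    # that avoids depending on the localized "LISTENING" text in netstat output.
    $listening = [bool](netstat -an | Select-String -Pattern "TCP\s+\S+:${port}\s+\S+:0\s")

    New-Object PSObject -Property @{
        PatchInstalled   = ($found.Count -gt 0)
        PatchKBsFound    = ($found -join ',')
        RdpDenied        = ($deny -eq 1)
        ServiceStartMode = $svc.StartMode
        ServiceState     = $svc.State
        RdpPort          = $port
        PortListening    = $listening
    }
}

Get-RdpExposure | Format-List
```

A machine with `PatchInstalled` false is still unpatched even when `RdpDenied` is true and the service is disabled, which is the case the quoted Microsoft advisory addresses when it recommends installing the update regardless.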

I do not know if I will waste time finding the cause of the ESET Tool not working.
First of all, I would like to provide MSFN members with a verification (enable/disable) Remote Access tool that can be used with OS Vista or higher:

 

https://github.com/AndyFul/Hard_Configurator

 

SFvV7KiT_o.jpg

Edited by Sampei.Nihira
