Sampei.Nihira
Posted December 17, 2019 (edited)

Quote
While the BlueKeep (CVE-2019-0708) vulnerability has not, to date, caused widespread havoc, and we will be looking at the reasons why in this post, it is still very early in its exploitation life cycle. The fact remains that many systems are still not patched, and a thoroughly wormable version of the exploit might still be found. Because of these factors, ESET has created a free utility to check if a system is vulnerable...............

Quote
This program has been tested against 32-bit and 64-bit versions of Windows XP..............

https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

Unfortunately, the tool does not work for me. Does anyone have the same problem?

sparty411
Posted December 17, 2019

1 hour ago, Sampei.Nihira said:
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/ Unfortunately, the tool does not work for me. Does anyone have the same problem?

No go on my end with Windows XP 32 bit

win32
Posted December 17, 2019 (edited)

It works in Server 2003 x86, with all updates installed. I get "your computer is safe, Microsoft security update is already installed"

I guess there are missing APIs in regular XP (MS messed up the resource tables, which is why the ctrl-c message appears in non-English editions). But you should be good as long as you installed the May updates.

VistaLover
Posted December 17, 2019 (edited)

55 minutes ago, sparty411 said:
No go on my end with Windows XP 32 bit

... However, works OK on Windows Vista SP2 32-bit:

As posted already, the devs themselves claim:

Quote
This program has been tested against 32-bit and 64-bit versions of Windows XP

It appears the app only checks for the presence (or absence) of a certain M$ update (for WS2008SP2 it's KB4499180); myself, I had already disabled some time ago the "Routing and Remote Access" Windows service... ; also achievable via a GUI setting:

win32
Posted December 17, 2019 (edited)

It would work in XP x64 since it is Server 2003-derived. 2003 x86 can also be converted to XP but I don't think many people would go to the trouble of doing so.

Sampei.Nihira (Author)
Posted December 17, 2019 (edited)

1 hour ago, VistaLover said:
... However, works OK on Windows Vista SP2 32-bit: As posted already, the devs themselves claim: It appears the app only checks for the presence (or absence) of a certain M$ update (for WS2008SP2 it's KB4499180); myself, I had already disabled some time ago the "Routing and Remote Access" Windows service... ; also achievable via a GUI setting:

Me too. But it is not enough; you must also check:

Much more complicated to do the same with Windows 10. Completely inhibiting Remote Access in Windows 10 is complicated. But I know a tool that allows you to do everything in a very simple way.

__________________________________________

@to All

I can't understand why the tool doesn't work in my 32 bit XP..............

VistaLover
Posted December 17, 2019

16 minutes ago, Sampei.Nihira said:
But it is not enough; you must also check:

I don't have a "Remote Desktop" entry inside WFW's exceptions, only "Remote Assistance", which is not selected (and thus still blocked):

19 minutes ago, Sampei.Nihira said:
Much more complicated to do the same with Windows 10.

Isn't that the norm with Windows 10? Every user accessible setting that was fairly easy to locate in previous Windows versions has been now deeply buried/hidden behind a labyrinth of configuration wizards and clicks (which often get relocated anew with major Win10 semi-annual up(-de)grades) ...

23 minutes ago, Sampei.Nihira said:
I can't understand why the tool doesn't work in my 32 bit XP

Have you checked it with Dependency Walker yet? Besides, since it checks for installed Windows Updates, it probably needs Admin privileges, so better run from within an Administrator's account...

NojusK
Posted December 17, 2019

Home Edition doesn't even include an option to enable it! There is no real way of getting brute-force attacked or hacked via RDP on a consumer computer, as long as it has it disabled =p

Tested the tool on my Server, said it was all good

Vistapocalypse
Posted December 17, 2019

2 hours ago, VistaLover said:
I had already disabled some time ago the "Routing and Remote Access" Windows service...

I also have that service disabled, but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability. (I have avoided KB4499180 in order to retain build 6.0.6002.) If the tool doesn't work on Windows XP, users should check to see if they installed KB4500331.

Sampei.Nihira (Author)
Posted December 17, 2019 (edited)

10 minutes ago, Vistapocalypse said:
I also have that service disabled, but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability. (I have avoided KB4499180 in order to retain build 6.0.6002.) If the tool doesn't work on Windows XP, users should check to see if they installed KB4500331.

I installed that update (May 2019).

@VistaLover

I launched the exe from an administrative account. I suspect that the tool needs the Net Frameworks that are not installed on my PC.

_____________________________________________________________________

But now it's late, good evening to all.

VistaLover
Posted December 17, 2019 (edited)

1 hour ago, Vistapocalypse said:
but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability.

I just simply followed the provided instructions there, hence my previous screengrab in this thread ... Thanks for your concern, though...

VistaLover
Posted December 17, 2019 (edited)

1 hour ago, Sampei.Nihira said:
I suspect that the tool needs the Net Frameworks that are not installed on my PC.

... More likely it needs the latest MS Visual C++ Redistributable, together with Win10 Universal CRT (KB2999226); but I'm sure you'll find the cause in due course...

Vistapocalypse
Posted December 17, 2019

3 hours ago, Sampei.Nihira said:
I can't understand why the tool doesn't work in my 32 bit XP..............

Perhaps it was never tested against 32 bit XP with POSReady 2009 patches installed. (Just a guess.)

Vistapocalypse
Posted December 17, 2019

1 hour ago, VistaLover said:
I just simply followed the provided instructions there,

I do see your point. However, CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability only mentions one mitigation.

Quote
The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Services disabled:
1. Disable Remote Desktop Services if they are not required. If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.

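Added example (not part of any post in this thread, and not ESET's tool): a manual version of the checks discussed above, reporting whether either update named in the thread is installed and whether Remote Desktop is actually switched off. The function name `Get-BlueKeepPosture` is hypothetical; the script assumes PowerShell 2.0 or later and an Administrator account, and that a later cumulative update may be listed in place of these KB IDs, so "not found" means "check by hand".

```powershell
# Added example; PowerShell 2.0 compatible. Run from an Administrator account.
function Get-BlueKeepPosture {
    param(
        # The two updates named in this thread (XP: KB4500331, WS2008 SP2: KB4499180).
        [string[]]$KbIds = @('KB4500331', 'KB4499180')
    )

    # Updates the OS reports as installed. Assumption: a newer cumulative
    # update may appear here instead of the IDs above.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.HotFixID })
    $foundKbs  = @($KbIds | Where-Object { $installed -contains $_ })

    # "Terminal Services" / "Remote Desktop Services" runs as service TermService.
    $svc        = Get-WmiObject -Class Win32_Service -Filter "Name='TermService'"
    $serviceOff = ($null -eq $svc) -or ($svc.StartMode -eq 'Disabled')

    # fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts     = Get-ItemProperty -Path $tsKey -ErrorAction SilentlyContinue
    $denied = ($null -ne $ts) -and ($ts.fDenyTSConnections -eq 1)

    $rdpEnabled = (-not $serviceOff) -and (-not $denied)

    if ($foundKbs.Count -gt 0) {
        $verdict = 'Update found'
    } elseif (-not $rdpEnabled) {
        $verdict = 'Update not found, RDP disabled: install the update anyway'
    } else {
        $verdict = 'Update not found, RDP enabled: patch or disable RDP'
    }

    New-Object PSObject -Property @{
        UpdatesFound       = ($foundKbs -join ', ')
        TermServiceMode    = $(if ($svc) { $svc.StartMode } else { 'not present' })
        TermServiceState   = $(if ($svc) { $svc.State } else { 'not present' })
        FDenyTSConnections = $(if ($ts) { $ts.fDenyTSConnections } else { 'not set' })
        RdpEnabled         = $rdpEnabled
        Verdict            = $verdict
    }
}

Get-BlueKeepPosture | Format-List
```
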
Sampei.Nihira (Author)
Posted December 18, 2019 (edited)

I do not know if I will waste time finding the cause of the ESET Tool not working.

First of all, I would like to provide MSFN members with a verification (enable/disable) Remote Access tool that can be used with OS Vista or higher:

https://github.com/AndyFul/Hard_Configurator