Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sampei.Nihira

It’s time to disconnect RDP from the internet.

Recommended Posts

Quote

While the BlueKeep (CVE-2019-0708) vulnerability has not, to date, caused widespread havoc, and we will be looking at the reasons why in this post, it is still very early in its exploitation life cycle. The fact remains that many systems are still not patched, and a thoroughly wormable version of the exploit might still be found. Because of these factors, ESET has created a free utility to check if a system is vulnerable...............

Quote

This program has been tested against 32-bit and 64-bit versions of Windows XP..............

 

https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

 

Unfortunately, the tool does not work for me.
Does anyone have the same problem?

 

xAyN8LDS_o.jpg

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites

It works in Server 2003 x86, with all updates installed.

I get "your computer is safe, Microsoft security update is already installed"

I guess there are missing APIs in regular XP (MS messed up the resource tables, which is why the ctrl-c message appears in non-English editions). But you should be good as long as you installed the May updates.

Edited by win32

Share this post


Link to post
Share on other sites
55 minutes ago, sparty411 said:

No go on my end with Windows XP 32 bit

... However, works OK on Windows Vista SP2 32-bit:

gViFrWx.jpg

As posted already, the devs themselves claim:

Quote

This program has been tested against 32-bit and 64-bit versions of Windows XP

:dubbio: It appears the app only checks for the presence (or absence) of a certain M$ update (for WS2008SP2 it's KB4499180); myself, I had already disabled some time ago the "Routing and Remote Access" Windows service... ;) ; also achievable via a GUI setting:

hu8D7h0.jpg

:P

Edited by VistaLover
  • Like 3

Share this post


Link to post
Share on other sites

It would work in XP x64 since it is Server 2003-derived. 2003 x86 can also be converted to XP but I don't think many people would go to the trouble of doing so.

Edited by win32

Share this post


Link to post
Share on other sites
1 hour ago, VistaLover said:

... However, works OK on Windows Vista SP2 32-bit:

gViFrWx.jpg

As posted already, the devs themselves claim:

:dubbio: It appears the app only checks for the presence (or absence) of a certain M$ update (for WS2008SP2 it's KB4499180); myself, I had already disabled some time ago the "Routing and Remote Access" Windows service... ;) ; also achievable via a GUI setting:

hu8D7h0.jpg

:P

Me too.
But it is not enough you must also check:

rqMjJJAi_o.jpg

Much more complicated to do the same with Windows 10.

Completely inhibiting Remote Access in Windows 10 is complicated.
But I know a tool that allows you to do everything in a very simple way.

__________________________________________

@to All

I can't understand why the tool doesn't work in my 32 bit XP..............:dubbio:

Edited by Sampei.Nihira
  • Like 1

Share this post


Link to post
Share on other sites
16 minutes ago, Sampei.Nihira said:

But it is not enough you must also check:

rqMjJJAi_o.jpg

I don't have a "Remote Desktop" entry inside WFW's exceptions, only "Remote Assistance", which is not selected (and thus still blocked):

0NDAMVO.jpg

19 minutes ago, Sampei.Nihira said:

Much more complicated to do the same with Windows 10.

Isn't that the norm with Windows 10 :realmad: ? Every user accessible setting that was fairly easy to locate in previous Windows versions has been now deeply buried/hidden behind a labyrinth of configuration wizards and clicks (which often get relocated anew with major Win10 semi-annual up(-de)grades) ... :angry:

23 minutes ago, Sampei.Nihira said:

I can't understand why the tool doesn't work in my 32 bit XP

Have you checked it with Dependency Walker yet? Besides, since it checks for installed Windows Updates, it probably needs Admin privileges, so better run from within an Administrator's account... :dubbio:

  • Like 2

Share this post


Link to post
Share on other sites

Home Edition doesn't even include an option to enable it! There is no real way of getting brute forced attacked or hacked via RDP on a consumer computer, as long  as it has it disabled =p

Tested the tool on my Server, said it was all good :)

Share this post


Link to post
Share on other sites
2 hours ago, VistaLover said:

I had already disabled some time ago the "Routing and Remote Access" Windows service... ;)

I also have that service disabled, but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability. (I have avoided KB4499180 in order to retain build 6.0.6002.)

If the tool doesn't work on Windows XP, users should check to see if they installed KB4500331.

  • Like 1

Share this post


Link to post
Share on other sites
10 minutes ago, Vistapocalypse said:

I also have that service disabled, but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability. (I have avoided KB4499180 in order to retain build 6.0.6002.)

If the tool doesn't work on Windows XP, users should check to see if they installed KB4500331.

I installed that update (May 2019).

@VistaLover

I launched the exe from an administrative account.

I suspect that the tool needs the Net Frameworks that are not installed on my PC.

_____________________________________________________________________

But now it's late, good evening to all.:hello:

 

Edited by Sampei.Nihira

Share this post


Link to post
Share on other sites
1 hour ago, Vistapocalypse said:

but believe that "Terminal Services" is more directly related to the BlueKeep vulnerability.

I just simply followed the provided instructions there,

H5Kt97t.jpg

hence my previous screengrab in this thread ;) ...

Thanks for your concern, though... :)

 

Edited by VistaLover

Share this post


Link to post
Share on other sites
1 hour ago, Sampei.Nihira said:

I suspect that the tool needs the Net Frameworks that are not installed on my PC.

... More likely it needs the latest MS Visual C++ Redistributable, together with Win10 Universal CRT (KB2999226); but I'm sure you'll find the cause in due course... :)

Edited by VistaLover

Share this post


Link to post
Share on other sites
3 hours ago, Sampei.Nihira said:

I can't understand why the tool doesn't work in my 32 bit XP..............:dubbio:

Perhaps it was never tested against 32 bit XP with POSReady 2009 patches installed. (Just a guess.)

Share this post


Link to post
Share on other sites
1 hour ago, VistaLover said:

I just simply followed the provided instructions there,

H5Kt97t.jpg

I do see your point. However, CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability only mentions one mitigation.

Quote

The following mitigation may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as possible even if you plan to leave Remote Desktop Services disabled:

1. Disable Remote Desktop Services if they are not required.

If you no longer need these services on your system, consider disabling them as a security best practice. Disabling unused and unneeded services helps reduce your exposure to security vulnerabilities.

 

  • Like 1

Share this post


Link to post
Share on other sites

I do not know if I will waste time finding the cause of the ESET Tool not working.
First of all, I would like to provide MSFN members with a verification (enable/disable) Remote Access tool that can be used with OS Vista or higher:

 

https://github.com/AndyFul/Hard_Configurator

 

SFvV7KiT_o.jpg

Edited by Sampei.Nihira
  • Like 1

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...