Ms12-20 Remote Desktop (RDP) 3389 Vulnerability

This is a 12-year vulnerability, but many other systems have not been patched. It is recorded here for further summary.

First, list the affected systems (check whether your system is in it ):

Windows Server 2003 Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2003x64 Edition Service Pack 2

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 sp2 (for itanium-based systems)

Windows Server 2008 (for 32-bit Systems) Service Pack 2 *

Windows Server 2008 (for x64-based systems) Service Pack 2 *

Windows Server 2008 (for itanium-based systems) Service Pack 2

Windows 7 (for 32-bit systems) and Windows 7 (for 32-bit Systems) Service Pack 1

Windows 7 (for 32-bit systems) and Windows 7 (for 32-bit Systems) Service Pack 1

Windows 7 (for x64-based systems) and Windows 7 (for x64-based systems) Service Pack 1

Windows 7 (for x64-based systems) and Windows 7 (for x64-based systems) Service Pack 1

Windows Server 2008 R2 (for x64-based systems) and Windows Server 2008 R2 (for x64-based systems) Service Pack 1 *

Windows Server 2008 R2 (for x64-based systems) and Windows Server 2008 R2 (for x64-based systems) Service Pack 1 *

Windows Server 2008 R2 (for itanium-based systems) and Windows Server 2008 R2 (for itanium-based systems) Service Pack 1

Windows Server 2008 R2 (for itanium-based systems) and Windows Server 2008 R2 (for itanium-based systems) Service Pack 1

Check whether the patch is installed:

Use cmd to enter the command line (click the Start Menu, Enter cmd in the search box, and press enter to enter the command line), and then enterSysteminfo | find/I "kb2621440"If nothing is displayed, no patch is installed.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/41/08/wKioL1PQg6eR42UyAAAQSvQ0h5U259.gif "Title =" qq20140724115004.gif "alt =" wkiol1pqg6er42uyaaaqsvq0h5u259.gif "/>

The above system is patched.

Then begin to restore the Attack Process (provided that the system has not been patched ):

1) first open the unpatched system, 2003 and 2008 (in the virtual machine)

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/41/07/wKioL1PQgnyz2roAAAAaLTn45w0678.gif "Title =" qq20140724114358.gif "alt =" wkiol1pqgnyz2roaaaltn45w0678.gif "/>

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/41/08/wKiom1PQgbbAaEu5AAAKDmWaZa4106.gif "Title =" qq20140724114643.gif "alt =" wkiom1pqgbbaaeu5aaakdmwaza4246.gif "/>

2) use the vulnerability exploitation program to operate on 2003 with 2008 (2008ip: 192.168.200.130 ):

Run the command in the format of nc ip 3389 <exp. Dy and press Enter.

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/41/09/wKioL1PQhX2hP0XXAAAao3I-M5o892.gif "Title =" qq20140724115810.gif "alt =" wKioL1PQhX2hP0XXAAAao3I-M5o892.gif "/>

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/41/09/wKiom1PQhIfwEHWFAAAjl8xMk1g249.gif "Title =" qq20140724115847.gif "alt =" wkiom1pqhifwehwfaaajl8xmk1g249.gif "/>

In the above example, if three hearts appear, it indicates that they have succeeded. Let's take a look at 2008 again:

650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/41/0A/wKiom1PQhQDQvodFAABv1G5HxKI858.gif "Title =" qq2014072442543.gif "alt =" wkiom1pqhqdqvodfaabv1g5hxki858.gif "/>

Blue Screen.

The blue screen causes great harm. For example, if your server is running web services, you can imagine a blue screen;

For the person who obtains the shell, it may also lead to elevation of permission, and put a trojan or something into the startup item ....

Therefore, we strongly recommend that you enable automatic update and set it to automatic download and installation.

This article only studies attack and prevention. Do not use it illegally!

This article from the "cold rain" blog, please be sure to keep this source http://z190100425.blog.51cto.com/3622029/1529637