MS12-020 Remote Desktop (RDP) 3389 Vulnerability

Source: Internet
Author: User

This vulnerability dates from 2012, but many systems have still not been patched. It is recorded here for later reference.

First, the affected systems (check whether yours is among them):

Windows Server 2003 Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2 (for Itanium-based systems)

Windows Server 2008 (for 32-bit Systems) Service Pack 2 *

Windows Server 2008 (for x64-based systems) Service Pack 2 *

Windows Server 2008 (for Itanium-based systems) Service Pack 2

Windows 7 (for 32-bit systems) and Windows 7 (for 32-bit Systems) Service Pack 1

Windows 7 (for x64-based systems) and Windows 7 (for x64-based systems) Service Pack 1

Windows Server 2008 R2 (for x64-based systems) and Windows Server 2008 R2 (for x64-based systems) Service Pack 1 *

Windows Server 2008 R2 (for Itanium-based systems) and Windows Server 2008 R2 (for Itanium-based systems) Service Pack 1


Check whether the patch is installed:

Open a command prompt (click the Start menu, type cmd in the search box, and press Enter), then enter systeminfo | find /i "kb2621440". If nothing is displayed, the patch is not installed.

The system shown in the original screenshot is patched.
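
An added example, not from the original article: a Python script that applies the same KB2621440 check to saved systeminfo output from several hosts, matching the KB id exactly and reporting a capture without a hotfix list as unknown rather than unpatched. The host names, the sample output and the OS-family shortlist are constructed assumptions.

```python
import re

PATCH_KB = "KB2621440"  # the update the page's systeminfo check looks for
# Simplified from the page's affected list (assumption: match on OS family).
AFFECTED = ("Windows XP", "Server 2003", "Vista", "Server 2008", "Windows 7")

# Constructed systeminfo excerpts, not captured from real hosts; KB ids other
# than PATCH_KB are made-up placeholders.
SAMPLES = {
    "web01": "OS Name:    Microsoft Windows Server 2008 R2 Enterprise\n"
             "Hotfix(s):  2 Hotfix(s) Installed.\n"
             "            [01]: KB1111111\n"
             "            [02]: KB2621440\n"
             "Network Card(s):  1 NIC(s) Installed.\n",
    "file02": "OS Name:    Microsoft(R) Windows(R) Server 2003, Standard Edition\n"
              "Hotfix(s):  1 Hotfix(s) Installed.\n"
              "            [01]: KB26214401 - Update\n",  # longer id, not the patch
    "app03": "OS Name:    Microsoft Windows Server 2012 Standard\n"
             "Hotfix(s):  1 Hotfix(s) Installed.\n"
             "            [01]: KB1111111\n",
    "old04": "OS Name:    Microsoft Windows 7 Professional\n",  # capture cut short
}

def parse_systeminfo(text):
    """Return (os_name, set of installed KB ids, hotfix_section_seen)."""
    os_name, kbs, in_hotfix, seen = None, set(), False, False
    for line in text.splitlines():
        if line.startswith("OS Name:"):
            os_name = line.split(":", 1)[1].strip()
        elif line.startswith("Hotfix(s):"):
            in_hotfix = seen = True
        elif in_hotfix and line[:1].isspace():
            m = re.search(r"\bKB\d+\b", line, re.I)  # whole id, not a substring
            if m:
                kbs.add(m.group(0).upper())
        else:
            in_hotfix = False  # next unindented field ends the hotfix list
    return os_name, kbs, seen

def assess(text):
    os_name, kbs, seen = parse_systeminfo(text)
    if os_name is None or not seen:
        return "unknown"      # incomplete capture: do not report as unpatched
    if not any(family in os_name for family in AFFECTED):
        return "not_listed"   # OS family is not in the page's affected list
    return "patched" if PATCH_KB in kbs else "missing"

def audit(samples):
    return {host: assess(text) for host, text in samples.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLES).items():
        print(f"{host}: {status}")
```

Like the article's command, this looks only for KB2621440; it does not account for any later update that may replace it.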


Next, reproduce the attack (this requires that the system has not been patched):

1) First, start the unpatched systems, 2003 and 2008 (in virtual machines).

2) Run the exploit program from the 2003 machine against the 2008 machine (2008 IP: 192.168.200.130):

Run the command in the format nc ip 3389 < exp.dy and press Enter.

If three heart symbols appear in the output, as in the example above, the attempt has succeeded. Now look at the 2008 machine again:

Blue Screen.


A blue screen causes serious harm. For example, if your server is running web services, you can imagine the impact of a blue screen.

For someone who obtains a shell, it may also lead to privilege escalation, with a trojan or something similar placed in the startup items.

Therefore, we strongly recommend that you enable automatic updates and set them to download and install automatically.


This article only studies attack and prevention. Do not use it illegally!

This article is from the "cold rain" blog; please be sure to keep this source: http://z190100425.blog.51cto.com/3622029/1529637
