
Make Windows Server 2008 R2 exploitation caveat more visible in BlueKeep exploit #12575

Merged
merged 3 commits into from Nov 14, 2019

Conversation

wvu-r7 (Contributor) commented Nov 14, 2019

People are not reading the source code, much less the commit message where it originated.

This PR addresses that issue inelegantly by explaining the caveat in both the module description and the module documentation:

HKLM\SYSTEM\CurrentControlSet\Control\TerminalServer\Winstations\RDP-Tcp\fDisableCam
needs to be set to 0 for exploitation to succeed against Windows Server 2008 R2.
This is a non-standard configuration for normal servers, and the target will crash if
the aforementioned Registry key is not set!

In automatic mode, there is additionally a print reminding the user to check fDisableCam.
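The caveat above is a target-side configuration check, so it is worth being able to verify it on a lab host before firing the module. The following is an added example written for this page, not code from the PR or from the Metasploit module. It assumes the value is a REG_DWORD under the standard Terminal Server key `HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp` (written here with the space in "Terminal Server", as the key appears in the registry), that it is run in an elevated PowerShell session on the Windows Server 2008 R2 target itself, and that a change may need a Remote Desktop Services restart or reboot to take effect (also an assumption; confirm on the lab host).

```powershell
# Added example (not part of the Metasploit PR or module): report whether a
# Windows Server 2008 R2 lab target matches the BlueKeep module caveat
# (fDisableCam = 0) and, with -Fix, put it into that state.
# Assumptions: value is a REG_DWORD under the key below; run elevated on the
# target. Only use -Fix on hosts you own; the non-zero default is the safe one.
param(
    [switch]$Fix   # set fDisableCam to 0 (lab targets only)
)

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Name    = 'fDisableCam'

function Get-FDisableCam {
    # Returns the current DWORD value, or $null when the value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$current = Get-FDisableCam
if ($null -eq $current) {
    Write-Host "$Name is not present under $KeyPath"
} else {
    Write-Host "$Name = $current"
}

if ($current -eq 0) {
    Write-Host 'Target matches the module caveat (fDisableCam = 0); exploitation can be attempted.'
} else {
    # Per the PR text: with fDisableCam unset or non-zero the module crashes
    # the target instead of exploiting it.
    Write-Warning 'fDisableCam is not 0: the BlueKeep module will crash this target rather than exploit it.'
    if ($Fix) {
        # Set-ItemProperty creates the value if it does not exist yet.
        Set-ItemProperty -Path $KeyPath -Name $Name -Value 0 -Type DWord
        Write-Host "Set $Name = 0. Assumption: restart Remote Desktop Services (or reboot) before re-checking."
    }
}
```

Run it once without `-Fix` to see the current state; the warning branch is the one the PR is trying to make people notice before they launch the module against a stock server.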

@wvu-r7 wvu-r7 added module bug labels Nov 14, 2019
bwatters-r7 (Contributor) left a comment

LGTM

@wvu-r7 wvu-r7 self-assigned this Nov 14, 2019
wvu-r7 added a commit that referenced this pull request Nov 14, 2019
@wvu-r7 wvu-r7 merged commit 28ecefa into rapid7:master Nov 14, 2019
3 checks passed
Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed
msjenkins-r7 added a commit that referenced this pull request Nov 14, 2019
wvu-r7 (Contributor, Author) commented Nov 14, 2019

Release Notes

This improves the visibility of a particularly important exploitation caveat for Windows Server 2008 R2 while using the BlueKeep exploit. A Windows Registry key must be modified on vulnerable, standard configurations for exploitation to succeed. Otherwise, the target will crash.
