windows/local/cve_2020_0787_bits_arbitrary_file_move (and similar) fails due to incorrect revision_number checks

[upsidedwn]

Fixes #18797

Verification

Before the patch:

msf6 exploit(windows/local/cve_2020_0787_bits_arbitrary_file_move) > exploit

[-] Handler failed to bind to 10.148.0.3:40018:-  -
[*] Started reverse TCP handler on 0.0.0.0:40018
[*] Running automatic check ("set AutoCheck false" to disable)
[-] Exploit failed: NoMethodError undefined method `revision_number' for #<Rex::Version "10.0.17763.0">
[*] Exploit completed, but no session was created.

After the patch:

msf6 exploit(windows/local/cve_2020_0787_bits_arbitrary_file_move) > exploit
[-] Handler failed to bind to 10.148.0.3:40018:-  -
[*] Started reverse TCP handler on 0.0.0.0:40018
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The target is not exploitable. The build number of the target machine does not appear to be a vulnerable version! ForceExploit is enabled, proceeding with exploitation.
[*] Step #1: Checking target environment...
[*] Step #2: Generating the malicious DLL...
[*] Payload DLL is 94208 bytes long
[*] Step #3: Loading the exploit DLL to run the main exploit...
[*] Launching netsh to host the DLL...
[-] Operation failed. Trying to inject into the current process...
[*] Reflectively injecting the DLL into 7132...
[*] Sleeping for 20 seconds to allow the exploit to run...
[*] Starting the interactive scan job...
[-] Exploit failed [user-interrupt]: Rex::TimeoutError Send timed out
[-] exploit: Interrupted

[smcintyre-r7]

These changes look good, I was able to reproduce the original issue and validate that the proposed changes fix it. Thank you for submitting this to us.

[smcintyre-r7]

Release Notes

This fixes an issue in the exploit/windows/local/cve_2020_0787_bits_arbitrary_file_move module's check method that was causing version comparisons to fail.