
Microsoft urgently releases patch for high-severity Windows Remote Desktop vulnerability, covering XP and 2003

Compiled and edited by PC technician Xiao Li, 2019-05-15 [Windows]

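The Microsoft Security Response Center recently disclosed a high-severity security risk (vulnerability ID: CVE-2019-0708) in the Windows Server 2003, Windows Server 2008 R2 and Windows Server 2008 operating system versions. Attackers can exploit this vulnerability for WannaCry-style worm attacks, affecting a large number of computers and servers running Windows XP, Windows 2003, Windows 2008 and Windows 7.

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as "Terminal Services") when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker needs to send a specially crafted request over RDP to Remote Desktop Services on the target system.

The security update fixes the vulnerability by correcting how Remote Desktop Services handles connection requests.

To avoid being affected, we recommend that you promptly carry out a security self-check. If you are within the affected scope, apply the update promptly to avoid intrusion by external attackers.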


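CVE-2019-0708 vulnerability details

Microsoft recently released an update that fixes a critical remote code execution vulnerability in Remote Desktop Services (CVE-2019-0708). The vulnerability can be exploited remotely without user interaction, has a degree of worm-like propagation capability, and, if exploited, can result in hosts being affected in bulk.

Risk level

High risk!!!

Vulnerability risk

It may be exploited remotely in bulk to obtain system privileges on servers and to spread as a worm.

Versions affected by CVE-2019-0708

The currently known affected versions are:

Windows Server 2008 R2

Windows Server 2008

Windows Server 2003

Windows XP

Windows 7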

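Secure versions

Microsoft has released security updates that fix this vulnerability. You can download them from the following links:

Windows 7 and Server 2008 / Server 2008 R2 users:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0708

Windows XP and Server 2003 users:

https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

CVE-2019-0708 remediation recommendations

1. Recommended: open the official Microsoft security update links under [Secure versions], then download and install the security update for your operating system.

2. Temporary measures:

1) Apply the temporary mitigation provided by Microsoft: enable Network Level Authentication (NLA).
Reference configuration: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)

2) Block access to port 3389, or allow access to it only from fixed IP addresses.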
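
A self-check for the temporary measures above, as an added example that is not part of the original article or of Microsoft's guidance: it reports whether RDP is enabled, which port it listens on and whether NLA is required, and it turns NLA on only when asked. The parameters `-EnableNla` and `-HotFixId` and the helper `Get-RegValue` are names chosen for this example; it assumes an elevated PowerShell 2.0 or later session.

```powershell
# Added example: audit the RDP settings behind the temporary mitigations.
# Read-only unless -EnableNla is passed. Written for PowerShell 2.0 and later.
param(
    [switch]$EnableNla,      # hypothetical opt-in switch: the only write this script makes
    [string]$HotFixId = ''   # KB id taken from Microsoft's advisory for this OS
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

if ($EnableNla) {
    # 1 = require Network Level Authentication on the RDP-Tcp listener.
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord
}

$denied   = Get-RegValue $tsKey  'fDenyTSConnections'   # 1 = RDP disabled
$port     = Get-RegValue $rdpKey 'PortNumber'           # 3389 unless changed
$nlaLocal = Get-RegValue $rdpKey 'UserAuthentication'
$nlaGpo   = Get-RegValue $polKey 'UserAuthentication'   # Group Policy overrides local
$nla      = if ($nlaGpo -ne $null) { $nlaGpo } else { $nlaLocal }

$patched = $null   # stays $null when no KB id was supplied
if ($HotFixId) {
    $patched = [bool](Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)
}

$report = New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    OS            = (Get-WmiObject Win32_OperatingSystem).Caption
    RdpEnabled    = ($denied -eq 0)
    RdpPort       = $port
    NlaRequired   = ($nla -eq 1)
    HotFixPresent = $patched
}
$report | Format-List

if ($report.RdpEnabled -and -not $report.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA: unauthenticated clients can reach Remote Desktop Services.'
}
```

The script only reports the RDP port; the restriction in step 2) still has to be applied in the host or perimeter firewall.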

Original Microsoft text:

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.
