近日,微軟發(fā)布安全補(bǔ)丁修復(fù)了CVE編號(hào)為CVE-2019-0708的Windows遠(yuǎn)程桌面服務(wù)(RDP)遠(yuǎn)程代碼執(zhí)行漏洞,該漏洞在不需身份認(rèn)證的情況下即可遠(yuǎn)程觸發(fā),危害與影響面極大。
QAX通過全球鷹分析發(fā)現(xiàn)國內(nèi)有超過150萬臺(tái)主機(jī)對(duì)外開放3389端口,可能受到漏洞影響。
漏洞描述
Windows 遠(yuǎn)程桌面服務(wù)(RDP)主要用于管理人員對(duì) Windows 服務(wù)器進(jìn)行遠(yuǎn)程管理,使用量極大。
近日,微軟官方披露Windows中的遠(yuǎn)程桌面服務(wù)中存在遠(yuǎn)程代碼執(zhí)行漏洞,未經(jīng)身份認(rèn)證的攻擊者可使用RDP協(xié)議連接到目標(biāo)系統(tǒng)并發(fā)送精心構(gòu)造的請(qǐng)求可觸發(fā)該漏洞。
成功利用此漏洞的攻擊者可在目標(biāo)系統(tǒng)上執(zhí)行任意代碼,可安裝應(yīng)用程序,查看、更改或刪除數(shù)據(jù),創(chuàng)建完全訪問權(quán)限的新賬戶等。
安全監(jiān)測(cè)與響應(yīng)中心風(fēng)險(xiǎn)評(píng)級(jí)為:高危
預(yù)警等級(jí):藍(lán)色預(yù)警(一般事件)
影響范圍
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack1
Windows Server 2008 for 32-bit SystemsService Pack 2
Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based SystemsService Pack 2
Windows Server 2008 for x64-based SystemsService Pack 2
Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1
Windows Server 2008 R2 for x64-based SystemsService Pack 1
Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)
Windows XP SP3 x86
Windows XP Professional x64 Edition SP2
Windows XP Embedded SP3 x86
Windows Server 2003 SP2 x86
Windows Server 2003 x64 Edition SP2
處置建議
官方補(bǔ)丁
微軟官方已經(jīng)推出安全更新請(qǐng)參考以下官方安全通告下載并安裝最新補(bǔ)丁:
https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
或根據(jù)以下表格查找對(duì)應(yīng)的系統(tǒng)版本下載最新補(bǔ)丁:
|
操作系統(tǒng)版本 |
補(bǔ)丁下載鏈接 |
|
Windows 7 x86 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu |
|
Windows 7 x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu |
|
Windows Embedded Standard 7 for x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu |
|
Windows Embedded Standard 7 for x86 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu |
|
Windows Server 2008 x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu |
|
Windows Server 2008 Itanium |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu |
|
Windows Server 2008 x86 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu |
|
Windows Server 2008 R2 Itanium |
http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu |
|
Windows Server 2008 R2 x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu |
|
Windows Server 2003 x86 |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe |
|
Windows Server 2003 x64 |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe |
|
Windows XP SP3 |
http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe |
|
Windows XP SP2 for x64 |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe |
|
Windows XP SP3 for XPe |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe |
操作策略
1、不要對(duì)外映射端口,尤其是3389口。
2、及時(shí)對(duì)數(shù)據(jù)庫做備份。
3、確保服務(wù)器帳號(hào)與密碼的復(fù)雜度。
微軟官方公告:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
關(guān)注
微信
關(guān)注博聶科官方微信
