近日����,微軟發(fā)布安全補(bǔ)丁修復(fù)了CVE編號為CVE-2019-0708的Windows遠(yuǎn)程桌面服務(wù)(RDP)遠(yuǎn)程代碼執(zhí)行漏洞,該漏洞在不需身份認(rèn)證的情況下即可遠(yuǎn)程觸發(fā)�����,危害與影響面極大����。
QAX通過全球鷹分析發(fā)現(xiàn)國內(nèi)有超過150萬臺主機(jī)對外開放3389端口,可能受到漏洞影響�。
漏洞描述
Windows 遠(yuǎn)程桌面服務(wù)(RDP)主要用于管理人員對 Windows 服務(wù)器進(jìn)行遠(yuǎn)程管理,使用量極大����。
近日,微軟官方披露Windows中的遠(yuǎn)程桌面服務(wù)中存在遠(yuǎn)程代碼執(zhí)行漏洞�����,未經(jīng)身份認(rèn)證的攻擊者可使用RDP協(xié)議連接到目標(biāo)系統(tǒng)并發(fā)送精心構(gòu)造的請求可觸發(fā)該漏洞。
成功利用此漏洞的攻擊者可在目標(biāo)系統(tǒng)上執(zhí)行任意代碼���,可安裝應(yīng)用程序���,查看�、更改或刪除數(shù)據(jù),創(chuàng)建完全訪問權(quán)限的新賬戶等���。
風(fēng)險等級
安全監(jiān)測與響應(yīng)中心風(fēng)險評級為:高危
預(yù)警等級:藍(lán)色預(yù)警(一般事件)
影響范圍
-
Windows 7 for 32-bit Systems Service Pack 1
-
Windows 7 for x64-based Systems Service Pack1
-
Windows Server 2008 for 32-bit SystemsService Pack 2
-
Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)
-
Windows Server 2008 for Itanium-Based SystemsService Pack 2
-
Windows Server 2008 for x64-based SystemsService Pack 2
-
Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)
-
Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1
-
Windows Server 2008 R2 for x64-based SystemsService Pack 1
-
Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)
-
Windows XP SP3 x86
-
Windows XP Professional x64 Edition SP2
-
Windows XP Embedded SP3 x86
-
Windows Server 2003 SP2 x86
-
Windows Server 2003 x64 Edition SP2
處置建議
官方補(bǔ)丁
微軟官方已經(jīng)推出安全更新請參考以下官方安全通告下載并安裝最新補(bǔ)?�。?/span>
https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
或根據(jù)以下表格查找對應(yīng)的系統(tǒng)版本下載最新補(bǔ)?�。?/span>
|
Windows 7 x86
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
|
|
Windows 7 x64
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
|
|
Windows Embedded Standard 7 for x64
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
|
|
Windows Embedded Standard 7 for x86
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
|
|
Windows Server 2008 x64
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu
|
|
Windows Server 2008 Itanium
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu
|
|
Windows Server 2008 x86
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu
|
|
Windows Server 2008 R2 Itanium
|
http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu
|
|
Windows Server 2008 R2 x64
|
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
|
|
Windows Server 2003 x86
|
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe
|
|
Windows Server 2003 x64
|
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe
|
|
Windows XP SP3
|
http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe
|
|
Windows XP SP2 for x64
|
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe
|
|
Windows XP SP3 for XPe
|
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe
|
操作策略
1��、不要對外映射端口�,尤其是3389口���。
2�����、及時對數(shù)據(jù)庫做備份��。
3��、確保服務(wù)器帳號與密碼的復(fù)雜度���。
微軟官方公告:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
