
Microsoft issues emergency patch for high-risk Windows Remote Desktop vulnerability, covering XP and 2003

Compiled and edited by PC builder Xiao Li, 2019-05-15 [Windows]

The Microsoft Security Response Center recently disclosed a high-risk security vulnerability (CVE-2019-0708) present in the Windows Server 2003, Windows Server 2008 R2 and Windows Server 2008 operating system versions. An attacker can use this vulnerability to mount WannaCry-style worm attacks, affecting a large number of Windows XP, Windows 2003, Windows 2008 and Windows 7 PCs and servers.

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system over RDP and sends specially crafted requests. The vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploits it can execute arbitrary code on the target system, and could then install programs; view, change or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker needs to send a specially crafted request over RDP to the target system's Remote Desktop Services.

The security update fixes the vulnerability by correcting how Remote Desktop Services handles connection requests.

To avoid being affected, we recommend that you carry out a security self-check promptly; if you fall within the affected scope, install the update without delay to avoid intrusion by external attackers.


CVE-2019-0708 vulnerability details

Microsoft recently released an update fixing a critical remote code execution vulnerability in Remote Desktop Services (CVE-2019-0708). The vulnerability can be exploited remotely without user interaction and has worm-like propagation properties; exploitation can affect hosts in bulk.

Risk level

High risk!!!

Vulnerability risk

May be exploited remotely in bulk to obtain server system privileges and spread as a worm

Versions affected by CVE-2019-0708

The currently known affected versions are as follows:

Windows Server 2008 R2

Windows Server 2008

Windows Server 2003

Windows XP

Windows 7

Patched versions

Microsoft has released security updates fixing the vulnerability; you can download them from the following links:

Windows 7 and Server 2008 / Server 2008 R2 users:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0708

Windows XP and Server 2003 users:

https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

CVE-2019-0708 remediation recommendations

1. Recommended: open the official Microsoft security update links in the "Patched versions" section above, then download and install the security update for your operating system.

2. Interim measures:

1) Apply the official interim mitigation: enable Network Level Authentication (NLA).
Reference configuration: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)

2) Block access to port 3389 entirely, or allow only fixed IP addresses to reach it.
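As an added example (not from the original article and not Microsoft's own script), the two interim measures above written as a PowerShell script for a Windows 7 / Server 2008 R2 host that cannot be patched yet: it enables NLA through the documented Win32_TSGeneralSetting WMI class, confirms the setting in the registry, and replaces the built-in inbound 3389 rule with one scoped to an allow-list. The allow-list addresses and the rule name are assumptions; run from an elevated prompt.

```powershell
# Added example: interim mitigations for CVE-2019-0708 on Windows 7 / 2008 R2.
# $AllowedSources is a placeholder (assumption): list the management hosts
# that legitimately open RDP sessions to this machine.
$AllowedSources = '192.0.2.10,192.0.2.11'            # constructed example addresses
$RuleName       = 'RDP 3389 - management hosts only' # assumed rule name

# 1) Network Level Authentication. With NLA on, the client must authenticate
#    (CredSSP) before the pre-authentication code path is reachable, which is
#    why Microsoft calls it a partial mitigation: valid credentials still get in.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if ($ts.UserAuthenticationRequired -eq 1) {
    Write-Host 'NLA is already required.'
} else {
    $null = $ts.SetUserAuthenticationRequired(1)
    Write-Host 'NLA enabled (UserAuthenticationRequired = 1).'
}

# The same state is stored in the registry; audit scripts can read it from here.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $key -Name UserAuthentication).UserAuthentication
Write-Host "Registry UserAuthentication = $nla"

# 2) Restrict TCP/3389 to the allow-list. netsh is used because the NetSecurity
#    cmdlets (New-NetFirewallRule) only exist on Windows 8 / Server 2012 and later.
#    Disable the built-in any-source rule, then add one scoped to $AllowedSources.
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new enable=no
netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow `
      protocol=TCP localport=3389 remoteip=$AllowedSources

# Verify: the scoped rule should be the only enabled inbound rule for port 3389.
netsh advfirewall firewall show rule name="$RuleName"
```

Neither step replaces the security update; once the patch is installed the firewall scope is still worth keeping, since RDP exposed to the whole internet is a standing risk regardless of this CVE.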

Microsoft's original text:

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.
