近日,微軟發布安全補丁修復了CVE編號為CVE-2019-0708的Windows遠程桌面服務(RDP)遠程代碼執行漏洞,該漏洞在不需身份認證的情況下即可遠程觸發,危害與影響面極大。
QAX通過全球鷹分析發現國內有超過150萬臺主機對外開放3389端口,可能受到漏洞影響。
漏洞描述
Windows 遠程桌面服務(RDP)主要用于管理人員對 Windows 服務器進行遠程管理,使用量極大。
近日,微軟官方披露Windows中的遠程桌面服務中存在遠程代碼執行漏洞,未經身份認證的攻擊者可使用RDP協議連接到目標系統并發送精心構造的請求可觸發該漏洞。
成功利用此漏洞的攻擊者可在目標系統上執行任意代碼,可安裝應用程序,查看、更改或刪除數據,創建完全訪問權限的新賬戶等。
安全監測與響應中心風險評級為:高危
預警等級:藍色預警(一般事件)
影響范圍
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack1
Windows Server 2008 for 32-bit SystemsService Pack 2
Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based SystemsService Pack 2
Windows Server 2008 for x64-based SystemsService Pack 2
Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1
Windows Server 2008 R2 for x64-based SystemsService Pack 1
Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)
Windows XP SP3 x86
Windows XP Professional x64 Edition SP2
Windows XP Embedded SP3 x86
Windows Server 2003 SP2 x86
Windows Server 2003 x64 Edition SP2
處置建議
官方補丁
微軟官方已經推出安全更新請參考以下官方安全通告下載并安裝最新補丁:
https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
或根據以下表格查找對應的系統版本下載最新補丁:
|
操作系統版本 |
補丁下載鏈接 |
|
Windows 7 x86 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu |
|
Windows 7 x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu |
|
Windows Embedded Standard 7 for x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu |
|
Windows Embedded Standard 7 for x86 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu |
|
Windows Server 2008 x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu |
|
Windows Server 2008 Itanium |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu |
|
Windows Server 2008 x86 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu |
|
Windows Server 2008 R2 Itanium |
http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu |
|
Windows Server 2008 R2 x64 |
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu |
|
Windows Server 2003 x86 |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe |
|
Windows Server 2003 x64 |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe |
|
Windows XP SP3 |
http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe |
|
Windows XP SP2 for x64 |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe |
|
Windows XP SP3 for XPe |
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe |
操作策略
1、不要對外映射端口,尤其是3389口。
2、及時對數據庫做備份。
3、確保服務器帳號與密碼的復雜度。
微軟官方公告:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
關注
微信
關注博聶科官方微信
