5月15日,微软发布安全补丁修复了CVE编号为CVE-2019-0708的Windows远程桌面服务(RDP)远程代码执行漏洞,该漏洞在不需身份认证的情况下即可远程触发,危害与影响面极大。
一、漏洞描述
Windows远程桌面服务(RDP)主要用于管理人员对Windows服务器进行远程管理,使用量极大。
近日,微软官方披露Windows中的远程桌面服务中存在远程代码执行漏洞,未经身份认证的攻击者可使用RDP协议连接到目标系统并发送精心构造的请求可触发该漏洞。
成功利用此漏洞的攻击者可在目标系统上执行任意代码,可安装应用程序,查看、更改或删除数据,创建完全访问权限的新账户等。
二、风险等级
高危。
三、影响范围
Windows 7 for
32-bit Systems Service Pack 1
Windows 7 for
x64-based Systems Service Pack1
Windows Server
2008 for 32-bit SystemsService Pack 2
Windows Server
2008 for 32-bit SystemsService Pack 2 (Server Core installation)
Windows Server
2008 for Itanium-Based SystemsService Pack 2
Windows Server 2008
for x64-based SystemsService Pack 2
Windows Server
2008 for x64-based SystemsService Pack 2 (Server Core installation)
Windows Server
2008 R2 for Itanium-BasedSystems Service Pack 1
Windows Server
2008 R2 for x64-based SystemsService Pack 1
Windows Server
2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)
Windows XP SP3
x86
Windows XP
Professional x64 Edition SP2
Windows XP
Embedded SP3 x86
Windows Server
2003 SP2 x86
Windows Server
2003 x64 Edition SP2
四、处置建议
1.官方补丁
微软官方已经推出安全更新请参考以下官方安全通告下载并安装最新补丁:
https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
或根据以下表格查找对应的系统版本下载最新补丁:
操作系统版本
补丁下载链接
Windows 7 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
Windows 7 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Embedded Standard 7 for x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Embedded Standard 7 for x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
Windows Server 2008 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu
Windows Server 2008 Itanium
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu
Windows Server 2008 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu
Windows Server 2008 R2 Itanium
http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu
Windows Server 2008 R2 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Server 2003 x86
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe
Windows Server 2003 x64
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe
Windows XP SP3
http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe
Windows XP SP2 for x64
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe
Windows XP SP3 for XPe
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe
2.缓解方法
(1)在网络出入口防火墙处禁止互联网对3389端口的访问。
(2)添加安全策略禁止远程桌面到终端。