Windows Server 2008 R2 CVE-2012-0002/CVE-2012-0152 漏洞处理

发现漏洞

• 通过nmap扫描windows server 发现上述 CVE-2012-002/ CVE-2012-0152，扫描结果如下

Host is up (0.053s latency).
Not shown: 954 closed tcp ports (reset), 34 filtered tcp ports (no-response)
PORT      STATE SERVICE
3389/tcp  open  ms-wbt-server
|_ssl-ccs-injection: No reply from server (TIMEOUT)
| rdp-vuln-ms12-020: 
|   VULNERABLE:
|   MS12-020 Remote Desktop Protocol Denial Of Service Vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2012-0152
|     Risk factor: Medium  CVSSv2: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P)
|           Remote Desktop Protocol vulnerability that could allow remote attackers to cause a denial of service.
|           
|     Disclosure date: 2012-03-13
|     References:
|       http://technet.microsoft.com/en-us/security/bulletin/ms12-020
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0152
|   
|   MS12-020 Remote Desktop Protocol Remote Code Execution Vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2012-0002
|     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
|           Remote Desktop Protocol vulnerability that could allow remote attackers to execute arbitrary code on the targeted system.
|           
|     Disclosure date: 2012-03-13
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0002
|_      http://technet.microsoft.com/en-us/security/bulletin/ms12-020

补丁信息查找

• 访问国家信息安全漏洞库地址或CVE HOME，查找相关补丁。
• 国家信息安全漏洞库 http://www.cnnvd.org.cn
• CVE HOME https://cve.mitre.org/cve/

过程示例

• 本文以登录国家信息安全漏洞库为例，登录后搜索相关CVE编号
  
• 查询到漏洞相关信息，包含 危害等级、发布时间、威胁类型，关联厂商、CNNVD编号等
  
• 根据漏洞公告相关提示点击补丁获取链接地址，本文以 server 2008 R2 为例。

http://technet.microsoft.com/zh-cn/security/bulletin/ms12-020

下载补丁

• 登录补丁下载地址

https://www.catalog.update.microsoft.com/Home.aspx

• 搜索对应补丁号KB2621440进行下载

补丁安装

• 下载后直接运行安装即可，如需重启Server,务必重启，重启后查询已安装的补

• msi补丁安装完毕后，可通过KALI msfconsle进行漏洞复现或nmap扫描，使用nmap进行常见漏洞扫描后，未发现该漏洞，处理完成。

漏洞处理结束