首頁 > 安全研究 > 安全通報 > 安全通告

Microsoft 遠程桌面服務遠程代碼執行漏洞安全通告

發布時間 2019-09-09

漏洞編號和級別


CVE編號:CVE-2019-0708,危險級別:嚴重,CVSS分值:9.8


影響版本


受影響的版本


Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack1

Windows Server 2008 for 32-bit SystemsService Pack 2

Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)

Windows XP SP3 x86

Windows XP Professional x64 Edition SP2

Windows XP Embedded SP3 x86

Windows Server 2003 SP2 x86

Windows Server 2003 x64 Edition SP2


漏洞概述


5月 14 日,微軟官方發布安全更新,其中修復了 Windows 系統遠程桌面服務中存在的遠程代碼執行漏洞(CVE-2019- 0708)。攻擊者在遠程且未經授權的情況下,通過發送精心構造的惡意數據包到目標服務器的遠程桌面服務端口(默認為 3389),無需其他交互,即可在目標服務器上執行惡意代碼,獲取系統權限。


直至 9 月 7 日,開源的漏洞利用框架 metasploit-framework 新增了此漏洞的利用模塊(cve_2019_0708_bluekeep_rce),漏洞利用工具開始擴散,已經造成蠕蟲級的安全威脅。由于可以造成遠程代碼執行的漏洞利用腳本已經公開,加上此漏洞本身具有可蠕蟲傳播的性質,有可能會導致類似之前的 WannaCry 蠕蟲安全事件發生,因此目前仍未做漏洞修復的用戶需盡快更新微軟官方的安全補丁。


漏洞驗證


EXP:https://github.com/rapid7/metasploit-framework/pull/12283。


修復建議


官方補?。?/span>


微軟官方已經推出安全更新請參考以下官方安全通告下載并安裝最新補?。?/span>

https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708


或根據以下表格查找對應的系統版本下載最新補?。?/span>


操作系統版本

補丁下載鏈接

Windows 7 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows 7 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded  Standard 7 for x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded  Standard 7 for x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows Server 2008  x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu

Windows Server 2008  Itanium

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu

Windows Server 2008  x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu

Windows Server 2008 R2  Itanium

http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu

Windows Server 2008 R2  x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Server 2003  x86

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe

Windows Server 2003  x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe

Windows XP SP3

http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe

Windows XP SP2 for x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe

Windows XP SP3 for XPe

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe

WES09 and POSReady  2009

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/04/windowsxp-kb4500331-x86-embedded-chs_e3fceca22313ca5cdda811f49a606a6632b51c1c.exe


臨時解決方案:


若用戶不需要用到遠程桌面服務,建議禁用該服務。

開啟網絡級別身份驗證(NLA)

關閉TCP端口3389的連接,或對相關服務器做訪問來源過濾,只允許可信IP連接。


參考鏈接


https://github.com/rapid7/metasploit-framework/pull/12283

https://msrc-blog.microsoft.com/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/


上一篇 下一篇