[Alert] Wormable RDP Remote Desktop Services Vulnerabilities (CVE-2019-1181/1182)
2019-08-16 13:55:07 Author: mp.weixin.qq.com



Vulnerability Overview



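CVE-2019-0708 is still fresh in memory, and while reviewing how 0708 works, Microsoft found two new vulnerabilities (CVE-2019-1181/CVE-2019-1182) and pushed fixes for them. The SMS alert from Tencent Cloud Security Center calls this vulnerability "wormable".

  Almost exactly like the previously fixed "BlueKeep" vulnerability (CVE-2019-0708), these two vulnerabilities affect nearly all currently supported Windows systems. The vulnerability is pre-authentication and requires no user interaction, which means it can be exploited by a network worm: any malware that exploits these vulnerabilities could propagate from one vulnerable computer to another without user interaction.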


Affected Versions


  • Windows 10 for 32-bit Systems

  • Windows 10 for x64-based Systems

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1703 for 32-bit Systems

  • Windows 10 Version 1703 for x64-based Systems

  • Windows 10 Version 1709 for 32-bit Systems

  • Windows 10 Version 1709 for 64-based Systems

  • Windows 10 Version 1709 for ARM64-based Systems

  • Windows 10 Version 1803 for 32-bit Systems

  • Windows 10 Version 1803 for ARM64-based Systems

  • Windows 10 Version 1803 for x64-based Systems

  • Windows 10 Version 1809 for 32-bit Systems

  • Windows 10 Version 1809 for ARM64-based Systems

  • Windows 10 Version 1809 for x64-based Systems

  • Windows 10 Version 1903 for 32-bit Systems

  • Windows 10 Version 1903 for ARM64-based Systems

  • Windows 10 Version 1903 for x64-based Systems

  • Windows 7 for 32-bit Systems Service Pack 1

  • Windows 7 for x64-based Systems Service Pack 1

  • Windows 8.1 for 32-bit systems

  • Windows 8.1 for x64-based systems

  • Windows RT 8.1

  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

  • Windows Server 2012

  • Windows Server 2012 (Server Core installation)

  • Windows Server 2012 R2

  • Windows Server 2012 R2 (Server Core installation)

  • Windows Server 2016

  • Windows Server 2016 (Server Core installation)

  • Windows Server 2019

  • Windows Server 2019 (Server Core installation)

  • Windows Server, version 1803 (Server Core Installation)

  • Windows Server, version 1903 (Server Core installation)

Note: For users of Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1, these operating systems are affected by this vulnerability only if RDP 8.0 or RDP 8.1 is installed.

The data above comes from 360CERT.



Remediation Recommendations



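  • Unless it is required, close TCP port 3389 on the enterprise perimeter firewall

  • If the service is not needed on the system, disable it

  • Install the patch through Windows Update to fix the vulnerability

  • Enabling Network Level Authentication (NLA) on supported versions of Windows 7, Windows Server 2008, and Windows Server 2008 R2 provides partial mitigation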
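
A read-only check of the host-side mitigations above (RDP disabled, NLA required), added here as an example and not part of the original advisory. The function and variable names are illustrative. It reads the standard Terminal Server registry values and their Group Policy overrides, and does not check patch status because the advisory lists no KB numbers.

```powershell
# Added example: read-only audit of the RDP mitigations listed above (local host).
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-Effective($Name, $LocalPath) {
    # A Group Policy value, when set, overrides the local setting
    $gpo = Get-RegValue $policy $Name
    if ($null -ne $gpo) { $gpo } else { Get-RegValue $LocalPath $Name }
}

function Get-RdpMitigationStatus {
    $deny  = Get-Effective 'fDenyTSConnections' $ts      # 1 = RDP connections refused
    $nla   = Get-Effective 'UserAuthentication' $rdpTcp  # 1 = NLA required
    $port  = Get-RegValue $rdpTcp 'PortNumber'           # 3389 unless changed
    $start = Get-RegValue $svcKey 'Start'                # 4 = service disabled
    $svc   = Get-Service -Name TermService -ErrorAction SilentlyContinue
    $svcState = if ($svc) { "$($svc.Status)" } else { 'absent' }

    $rdpOn = ($deny -eq 0) -and ($start -ne 4)
    $notes = @()
    if ($rdpOn -and $nla -ne 1) { $notes += 'RDP enabled without NLA' }
    if ($rdpOn -and $svcState -eq 'Running') {
        $notes += "TermService running, listener on TCP $port"
    }
    if (-not $rdpOn) { $notes += 'RDP disabled on this host' }

    # New-Object keeps this usable on the PowerShell 2.0 shipped with Windows 7
    New-Object PSObject -Property @{
        RdpEnabled  = $rdpOn
        NlaRequired = ($nla -eq 1)
        Port        = $port
        Service     = $svcState
        Notes       = $notes -join '; '
    }
}

Get-RdpMitigationStatus | Format-List
```

A host reporting `RdpEnabled: True` with `NlaRequired: False` has neither of the host-side mitigations in place and should be prioritized for patching.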


Source: https://mp.weixin.qq.com/s/gKavbILKMAnNkBrkSZw8Ew