【漏洞預警】Windows RDP遠程執行代碼漏洞(CVE-2019-0708)

發布時間 2019-05-15



背景描述


5月14日微軟發布了針對遠程桌面服務(以前稱為終端服務)的遠程執行代碼漏洞CVE-2019-0708的修復程序,該漏洞影響了某些舊版本的Windows。遠程桌面協議(RDP)本身不容易受到攻擊。此漏洞是預身份驗證,無需用戶交互。成功利用此漏洞的攻擊者可以在目標系統上執行任意代碼。然後攻擊者可以安裝程序、查看、更改或刪除數據,或創建具有完全用戶權限的新帳戶。


要利用此漏洞,攻擊者需要通過RDP向目標系統遠程桌面服務發送特制請求。


該漏洞可能會被用來為惡意軟件提供支持,像2017年的WannaCry勒索軟件攻擊一樣。


2017年5月,WannaCry勒索軟件威脅在全球迅速蔓延,運行Windows XP和舊版Windows系統中尤為普遍。微軟已經發布了針對該漏洞的補丁,但許多較舊且易受攻擊的操作系統從未更新過。


影響範圍


CVE ID:       CVE-2019-0708


漏洞等級︰  高危


影響版本︰
            Windows 7
            Windows Server 2008 R2
            Windows Server 2008
            Windows 2003

            Windows XP


注意︰目前Windows 8和Windows 10不受此漏洞影響

修復方案


1.強烈建議更新所有受影響的系統
2.禁用遠程桌面服務(如不需要)
3.啟用網絡級認證(NLA)

系統版本

下載鏈接

Windows 7 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows 7 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded Standard 7 for x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded Standard 7 for x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows Server 2008 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu

Windows Server 2008 Itanium

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu

Windows Server 2008 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu

Windows Server 2008 R2 Itanium

http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu

Windows Server 2008 R2 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Server 2003 x86

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe

Windows Server 2003 x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe

Windows XP SP3

http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe

Windows XP SP2 for x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe

Windows XP SP3 for XPe

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe

WES09 and POSReady 2009

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/04/windowsxp-kb4500331-x86-embedded-chs_e3fceca22313ca5cdda811f49a606a6632b51c1c.exe


參考鏈接

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/?from=groupmessage&isappinstalled=0
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://support.microsoft.com/help/4500705