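Security Alert Notice: Remote Code Execution Vulnerabilities in Microsoft Remote Desktop Services

Published: 2019-08-15 11:52:18. Source: 恒安嘉新

1. Vulnerability Description

Recently, remote code execution vulnerabilities in Microsoft Remote Desktop Services (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226) were disclosed on the Internet. An attacker who exploits these vulnerabilities can execute code remotely without authorization. The vulnerabilities are rated High severity. The vendor has released security patches for them.

2. Affected Scope

Affected versions: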

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

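3. Vulnerability Details

Microsoft Windows is the Windows operating system released by Microsoft Corporation of the United States. Remote Desktop Connection is a component that Microsoft has provided since Windows 2000 Server.

On August 13, 2019, Microsoft released security updates that fix four remote code execution vulnerabilities in Remote Desktop Services, with the CVE IDs CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226. Of these, CVE-2019-1181 and CVE-2019-1182, like the earlier BlueKeep (CVE-2019-0708), are "wormable" vulnerabilities.

A remote, unauthenticated attacker exploiting this vulnerability sends a maliciously crafted request to the target service port and, with no user interaction required, can gain privileges on the target system and execute arbitrary code. The vulnerability could be used by malicious actors to carry out worm attacks.

4. Remediation Recommendations

The vendor has released patches that fix this vulnerability. Users are advised to upgrade to the latest version immediately: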

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226