根据国家信息安全漏洞共享平台(CNVD)《关于Microsoft远程桌面服务存在远程代码执行漏洞的安全公告》,Microsoft远程桌面服务存在远程代码执行漏洞(CNVD-2019-27323、CNVD-2019-27324、CNVD-2019-27325、CNVD-2019-27326)。攻击者利用该漏洞,可在未授权的情况下远程执行代码。目前,微软公司已发布官方补丁。
一、漏洞情况
2019年8月13日,微软发布了安全更新补丁,其中修复了4个远程桌面服务远程代码执行漏洞,CVE编号分别为:CVE-2019-1181、CVE-2019-1182、CVE-2019-1222、CVE-2019-1226。未经身份验证的攻击者利用该漏洞,向目标服务端口发送恶意构造请求,可以在目标系统上执行任意代码。该漏洞的利用无需进行用户交互操作,存在被不法分子利用进行蠕虫攻击的可能。
CNVD对该漏洞的综合评级为“高危”。
二、影响范围
上述漏洞影响的产品版本包括:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-basedSystems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-basedSystems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for 64-basedSystems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-basedSystems
Windows 10 Version 1803 for x64-basedSystems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-basedSystems
Windows 10 Version 1809 for x64-basedSystems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-basedSystems
Windows 10 Version 1903 for x64-basedSystems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems ServicePack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for tanium-BasedSystems Service Pack 1
Windows Server 2008 R2 for x64-basedSystems Service Pack 1
Windows Server 2008 R2 for x64-basedSystems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Coreinstallation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Coreinstallation)
Windows Server 2016
Windows Server 2016 (Server Coreinstallation)
Windows Server 2019
Windows Server 2019 (Server Coreinstallation)
Windows Server, version 1803 (Server CoreInstallation)
Windows Server, version 1903 (Server Coreinstallation)
三、处置方式
目前,微软官方已发布补丁修复此漏洞,建议用户立即升级至最新版本。
补丁地址为:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
请各部门做好防范,尤其是各部门服务器要及时做好漏洞修复,消除安全隐患,如果发现系统遭受攻击情况,及时报告图文信息中心和学院办公室。
(供稿:刘文/编辑:周永涛/审核:吴政)
