卓易彩票

  
卓易彩票 >> 通知公告 >> 详细内容
 
热门新闻
通知公告 >> 正文
关于Windows远程桌面服务(RDP)远程代码执行漏洞的通报
日期:2019-06-03 00:00:00  浏览量:62


515日,微软发布安全补丁修复了CVE编号为CVE-2019-0708Windows远程桌面服务(RDP)远程代码执行漏洞,该漏洞在不需身份认证的情况下即可远程触发,危害与影响面极大。

一、漏洞描述

Windows 远程桌面服务(RDP)主要用于管理人员对 Windows 服务器进行远程管理,使用量极大。

近日,微软官方披露Windows中的远程桌面服务中存在远程代码执行漏洞,未经身份认证的攻击者可使用RDP协议连接到目标系统并发送精心构造的请求可触发该漏洞。

成功利用此漏洞的攻击者可在目标系统上执行任意代码,可安装应用程序,查看、更改或删除数据,创建完全访问权限的新账户等。

二、风险等级

高危。

三、影响范围

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack1

Windows Server 2008 for 32-bit SystemsService Pack 2

Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)

Windows XP SP3 x86

Windows XP Professional x64 Edition SP2

Windows XP Embedded SP3 x86

Windows Server 2003 SP2 x86

Windows Server 2003 x64 Edition SP2

四、处置建议

1。官方补丁

微软官方已经推出安全更新请参考以下官方安全通告下载并安装最新补丁:

https://support。microsoft。com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

或根据以下表格查找对应的系统版本下载最新补丁:

操作系统版本

补丁下载链接

 

Windows 7 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

 

Windows 7 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

 

Windows Embedded Standard 7 for x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

 

Windows Embedded Standard 7 for x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

 

Windows Server 2008 x64

http://download。windowsupdate。com/d/msdownload/update/software/secu/2019/05/windows6。0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6。msu

 

Windows Server 2008 Itanium

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu

 

Windows Server 2008 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu

 

Windows Server 2008 R2 Itanium

http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu

 

Windows Server 2008 R2 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

 

Windows Server 2003 x86

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe

 

Windows Server 2003 x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe

 

Windows XP SP3

http://download。windowsupdate。com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c。exe

 

Windows XP SP2 for x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe

 

Windows XP SP3 for XPe

http://download。windowsupdate。com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae。exe

2.缓解方法

1)在网络出入口防火墙处禁止互联网对3389端口的访问。

2)添加安全策略禁止远程桌面到终端。

 

点击数:62收藏本页
友情链接:重庆人文科技学院  
众易彩票 新疆喜乐彩 新疆喜乐彩 众盈平台 卓易彩票 众盈官网 众乐彩票 卓易彩票登陆 众盈彩票注册 众益彩票