各校园网用户:
5月15日,微软发布了CVE编号为CVE-2019-0708的Windows远程桌面服务(RDP)远程代码执行漏洞安全补丁修复,该漏洞在不需身份认证的情况下即可远程触发,危害与影响面极大。虽然信息网络中心针对此漏洞已在校园网边界防火墙设置了安全策略(关闭了互联网访问校园局域网的TCP端口3389),但因受局域网内部开启了远程服务的用户终端影响,近几天校内有部分电脑终端受到其波及,导致系统频繁重启,严重影响系统和业务的正常运行,现将此漏洞相关资料及防范措施通报如下,请各用户认真做好自查和防范。
一、漏洞描述
Windows远程桌面服务(RDP)主要用于管理人员对Windows服务器进行远程管理,使用量极大。
近日,微软官方披露Windows中的远程桌面服务中存在远程代码执行漏洞,未经身份认证的攻击者可使用RDP协议连接到目标系统并发送精心构造的请求可触发该漏洞。
成功利用此漏洞的攻击者可在目标系统上执行任意代码,可安装应用程序,查看、更改或删除数据,创建完全访问权限的新账户等。
二、风险等级
高危,该漏洞允许攻击者获取服务器系统权限,并进行蠕虫传播。
三、影响范围
Windows 7for 32-bit Systems Service Pack 1
Windows 7for x64-based Systems Service Pack1
WindowsServer 2008 for 32-bit SystemsService Pack 2
WindowsServer 2008 for 32-bit SystemsService Pack 2 (Server Core installation)
WindowsServer 2008 for Itanium-Based SystemsService Pack 2
WindowsServer 2008 for x64-based SystemsService Pack 2
WindowsServer 2008 for x64-based SystemsService Pack 2 (Server Core installation)
WindowsServer 2008 R2 for Itanium-BasedSystems Service Pack 1
WindowsServer 2008 R2 for x64-based SystemsService Pack 1
WindowsServer 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)
Windows XPSP3 x86
Windows XPProfessional x64 Edition SP2
Windows XPEmbedded SP3 x86
WindowsServer 2003 SP2 x86
WindowsServer 2003 x64 Edition SP2
四、处置建议
1.各版本官方补丁下载地址
微软官方已经推出安全更新请参考以下官方安全通告下载并安装最新补丁:
https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
或根据以下表格查找对应的系统版本下载最新补丁:
操作系统版本
补丁下载链接
Windows 7 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
Windows 7 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Embedded Standard 7 for x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Embedded Standard 7 for x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu
Windows Server 2008 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu
Windows Server 2008 Itanium
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu
Windows Server 2008 x86
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu
Windows Server 2008 R2 Itanium
http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu
Windows Server 2008 R2 x64
http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu
Windows Server 2003 x86
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe
Windows Server 2003 x64
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe
Windows XP SP3
http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe
Windows XP SP2 for x64
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe
Windows XP SP3 for XPe
http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe
2.防范措施
(1)查看本机系统版本,对照上述补丁下载地址,下载并安装相应补丁修复本机漏洞;
(2)如非必要,建议禁用远程桌面服务。(方法见附件)
五、参考资料
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
