安全专题 返回部门首页

关于Windows远程桌面服务远程代码执行漏洞的预警

来源: 发布时间:2019/5/29 14:53:53 浏览人数:

    一、漏洞概述
    2019
515日,微软公布了5月的补丁更新列表,在其中存在一个被标记为严重的RDP(远程桌面服务)远程代码执行漏洞(cve-2019-0708),攻击者可以利用此漏洞,无需用户验证,在目标系统上执行恶意代码。
专家研判认为,该漏洞威胁程度与永恒之蓝类似,可以蠕虫化利用,且微软公布的补丁,包括对已停止技术支持服务的WindowsXPWindows2003的补丁,反映出微软对该漏洞可能造成的危害评级很高。
    目前,已有安全厂商和个人开发出可利用该漏洞实施远程攻击的漏洞利用代码(POC),按以往经验,大规模攻击很快就会出现。
    二、影响范围
    Windows 7
Window Server 2008Windows Server 2003Window XP
    三、处置建议
    请迅速对主管范围内的使用前述操作系统的主机进行排查,及时升级官方补丁,在网络出入口防火墙禁止来自互联网的对3389端口的访问。

附件:漏洞在线检测工具及官方补丁下载地址

 

附件:

漏洞在线检测工具及官方补丁下载地址

 

一、漏洞检测工具

https://free.360totalsecurity.com/CVE-2019-0708/detector_release.zip
https://www.qianxin.com/other/CVE-2019-0708
https://cloud.nsfocus.com/#/secwarning/secwarning_news?menu_id=urgent

二、微软官方补丁下载地址

操作系统版本

补丁下载链接

Windows 7 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows 7 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded Standard 7 for x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded Standard 7 for x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows Server 2008 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu

Windows Server 2008 Itanium

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu

Windows Server 2008 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu

Windows Server 2008 R2 Itanium

http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu

Windows Server 2008 R2 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Server 2003 x86

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe

Windows Server 2003 x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe

Windows XP SP3

http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe

Windows XP SP2 for x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe

Windows XP SP3 for XPe

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe

WES09 and POSReady 2009

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/04/windowsxp-kb4500331-x86-embedded-chs_e3fceca22313ca5cdda811f49a606a6632b51c1c.exe

上一篇:
下一篇:

Copyright@信息技术中心
闽ICP备12020660号-1号
福州市网络警察