2019年8月14日,国家信息安全漏洞共享平台(CNVD)收录了Microsoft远程桌面服务远程代码执行漏洞(CNVD-2019-27323 、CNVD-2019-27324、 CNVD-2019-27325 、CNVD-2019-27326)。攻击者利用该漏洞,可在未授权的情况下远程执行代码。目前,漏洞细节虽未公开,但已引起社会高度关注,微软公司已发布官方补丁。
一、漏洞情况分析
Microsoft Windows是美国微软公司发布的视窗操作系统。远程桌面连接是微软从Windows 2000 Server开始提供的组件。
2019年8月13日,微软发布了安全更新补丁,其中修复了4个远程桌面服务远程代码执行漏洞, CVE编号分别为:CVE-2019-1181、CVE-2019-1182、CVE-2019-1222、CVE-2019-1226。未经身份验证的攻击者利用该漏洞,向目标服务端口发送恶意构造请求,可以在目标系统上执行任意代码。该漏洞的利用无需进行用户交互操作,存在被不法分子利用进行蠕虫攻击的可能。
CNVD对该漏洞的综合评级为“高危”。
二、漏洞影响范围
上述漏洞影响的产品版本包括:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-basedSystems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-basedSystems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for 64-basedSystems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-basedSystems
Windows 10 Version 1803 for x64-basedSystems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-basedSystems
Windows 10 Version 1809 for x64-basedSystems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-basedSystems
Windows 10 Version 1903 for x64-basedSystems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems ServicePack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for tanium-BasedSystems Service Pack 1
Windows Server 2008 R2 for x64-basedSystems Service Pack 1
Windows Server 2008 R2 for x64-basedSystems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Coreinstallation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Coreinstallation)
Windows Server 2016
Windows Server 2016 (Server Coreinstallation)
Windows Server 2019
Windows Server 2019 (Server Coreinstallation)
Windows Server, version 1803 (Server CoreInstallation)
Windows Server, version 1903 (Server Coreinstallation
三、漏洞处置建议
目前,微软官方已发布补丁修复此漏洞,CNVD建议用户立即升级至最新版本:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226
附:参考链接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226