微软 远程桌面服务远程代码实行漏洞安全通告

发布时间 2019-09-09

漏洞编号和级别


CVE编号:CVE-2019-0708,危险级别:严重,CVSS分值:9.8


影响版本


受影响的版本


Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack1

Windows Server 2008 for 32-bit SystemsService Pack 2

Windows Server 2008 for 32-bit SystemsService Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2

Windows Server 2008 for x64-based SystemsService Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-BasedSystems Service Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1

Windows Server 2008 R2 for x64-based SystemsService Pack 1 (Server Core installation)

Windows XP SP3 x86

Windows XP Professional x64 Edition SP2

Windows XP Embedded SP3 x86

Windows Server 2003 SP2 x86

Windows Server 2003 x64 Edition SP2


漏洞概述


5月 14 日,MicroSoft官方发布安全更新,其中修复了 Windows 系统远程桌面服务中存在的远程代码实行漏洞(CVE-2019- 0708)。攻击者在远程且未经授权的情况下,通过发送精心构造的恶意数据包到目标服务器的远程桌面服务端口(默认为 3389),无需其他交互,即可在目标服务器上实行恶意代码,获取系统权限。


直至 9 月 7 日,开源的漏洞利用框架 metasploit-framework 新增了此漏洞的利用模块(cve_2019_0708_bluekeep_rce),漏洞利用工具开始扩散,已经造成蠕虫级的安全威胁。由于可以造成远程代码实行的漏洞利用脚本已经公开,加上此漏洞本身具有可蠕虫传播的性质,有可能会导致类似之前的 WannaCry 蠕虫安全事件发生,因此目前仍未做漏洞修复的用户需尽快更新MicroSoft官方的安全补丁。


漏洞验证


EXP:https://github.com/rapid7/metasploit-framework/pull/12283。


修复建议


官方补丁:


MicroSoft官方已经推出安全更新请参考以下官方安全通告下载并安装最新补丁:

https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708


或根据以下表格查找对应的系统版本下载最新补丁:


操作系统版本

补丁下载链接

Windows 7 x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows 7 x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded  Standard 7 for x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Embedded  Standard 7 for x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x86_6f1319c32d5bc4caf2058ae8ff40789ab10bf41b.msu

Windows Server 2008  x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x64_9236b098f7cea864f7638e7d4b77aa8f81f70fd6.msu

Windows Server 2008  Itanium

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499180-ia64_805e448d48ab8b1401377ab9845f39e1cae836d4.msu

Windows Server 2008  x86

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.0-kb4499149-x86_832cf179b302b861c83f2a92acc5e2a152405377.msu

Windows Server 2008 R2  Itanium

http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-ia64_fabc8e54caa0d31a5abe8a0b347ab4a77aa98c36.msu

Windows Server 2008 R2  x64

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/05/windows6.1-kb4499175-x64_3704acfff45ddf163d8049683d5a3b75e49b58cb.msu

Windows Server 2003  x86

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x86-custom-chs_4892823f525d9d532ed3ae36fc440338d2b46a72.exe

Windows Server 2003  x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-chs_f2f949a9a764ff93ea13095a0aca1fc507320d3c.exe

Windows XP SP3

http://download.windowsupdate.com/c/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-custom-chs_718543e86e06b08b568826ac13c05f967392238c.exe

Windows XP SP2 for x64

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsserver2003-kb4500331-x64-custom-enu_e2fd240c402134839cfa22227b11a5ec80ddafcf.exe

Windows XP SP3 for XPe

http://download.windowsupdate.com/d/csa/csa/secu/2019/04/windowsxp-kb4500331-x86-embedded-custom-chs_96da48aaa9d9bcfe6cd820f239db2fe96500bfae.exe

WES09 and POSReady  2009

http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/04/windowsxp-kb4500331-x86-embedded-chs_e3fceca22313ca5cdda811f49a606a6632b51c1c.exe


临时解决方案:


若用户不需要用到远程桌面服务,建议禁用该服务。

开启网络级别身份验证(NLA)

关闭TCP端口3389的连接,或对相关服务器做访问来源过滤,只允许可信IP连接。


参考链接


https://github.com/rapid7/metasploit-framework/pull/12283

https://msrc-blog.microsoft.com/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/