微软8月安全补丁多个高危漏洞预警

发布者:蔡瑞奎发布时间:2019-11-14浏览次数:286

2019年8月13日,微软发布了8月份安全更新补丁,其中包含两个可能被利用的远程桌面服务远程执行代码漏洞,CVE编号:CVE-2019-1181和CVE-2019-1182;月度安全更新补丁中还包含3个HTTP/2  协议堆栈 (HTTP.sys)  拒绝服务漏洞,CVE编号:CVE-2019-9511、CVE-2019-9512、CVE-2019-9513,成功利用此漏洞可以导致目标系统停止响应,从而引发拒绝服务.

影响版本(CVE-2019-1181和CVE-2019-1182):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for 64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

修复建议

临时修复建议:

关闭企业边界防火墙上的TCP端口3389

如果系统上不再需要这些服务,可以考虑禁用

在受支持的Windows 7、Windows Server 2008和Windows Server 2008 R2版本的系统上启用网络身份验证(NLA),这使得攻击者首先需要使用目标系统上的有效帐户对远程桌面服务进行身份验证然后才能利用该漏洞

微软补丁更新建议:

目前,微软官方已发布补丁修复此漏洞,建议用户将相关系统版本立即升级至最新版本:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1222

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1226