΢ÈíÔ¶³Ì×ÀÃæ·þÎñÔ¶³Ì´úÂëÖ´Ðзì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-05-15

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-0708£¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ9.8£¬£¬£¬£¬ £¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Microsoft Windows XP 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2003 0
Microsoft Windows 7 for x64-based Systems SP1

Microsoft Windows 7 for 32-bit Systems SP1


·ì϶¸ÅÊö


΢Èí°ä²¼ÁËÕë¶ÔÔ¶³Ì×ÀÃæ·þÎñ£¨ÒÔÇ°³ÆΪÖն˷þÎñ£©µÄ¹Ø¼üÔ¶³ÌÖ´ÐдúÂë·ì϶CVE-2019-0708µÄ½¨¸´·¨Ê½£¬£¬£¬£¬ £¬£¬¸Ã·ì϶ӰÏìÁËijЩ¾É°æ±¾µÄWindows¡£¡£¡£¡£¡£¡£¡£¡£


RDP·þÎñ´¦Öô«ÈëÒªÇóµÄ·½Ê½´æÔÚ·ì϶¡£¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÄܹ»ÏòRDP·þÎñ·¢ËͶñÒâÒªÇ󣬣¬£¬£¬ £¬£¬ÓÉÓÚδÕýÈ·µÄÒªÇó´¦Ö㬣¬£¬£¬ £¬£¬Ö¸±ê½«Ö´ÐÐ×¢ÈëÒªÇóµÄ¶ñÒâ´úÂë¡£¡£¡£¡£¡£¡£¡£¡£CVE-2019-0708ÊÇÒ»¸öÔ¤Éí·ÝÑéÖ¤·ì϶£¬£¬£¬£¬ £¬£¬²»±ØÒªÓû§½»»¥£¬£¬£¬£¬ £¬£¬Õâ»áµ¼Ö¹¥»÷ÕßÀûÓø÷ì϶ʵÏÖÀàËÆÓÚWannaCryµÄ·½Ê½´«²¼¡£¡£¡£¡£¡£¡£¡£¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC¡¢EXP¡£¡£¡£¡£¡£¡£¡£¡£


½¨¸´½¨Òé


Ä¿Ç°£¬£¬£¬£¬ £¬£¬Î¢Èí¹Ù·½ÒѾ­°ä²¼²¹¶¡½¨¸´ÁËÉÏÊö·ì϶£¬£¬£¬£¬ £¬£¬½¨ÒéÓû§ÊµÊ±È·ÈÏÊÇ·ñÊܵ½·ì϶ӰÏ죬£¬£¬£¬ £¬£¬¾¡¿ì²ÉÈ¡½¨²¹´ëÊ©£¬£¬£¬£¬ £¬£¬ÒÔÔ¤·ÀDZÔڵݲȫÍþв¡£¡£¡£¡£¡£¡£¡£¡£ÏëÒª½øÐиüУ¬£¬£¬£¬ £¬£¬Ö»Ðèתµ½ÉèÖáú¸üкͰ²È«¡úWindows¸üСú²é³­¸üУ¬£¬£¬£¬ £¬£¬»òÕßÒ²Äܹ»Í¨¹ýÊÖ¶¯½øÐиüС£¡£¡£¡£¡£¡£¡£¡£


Windows 7£¬£¬£¬£¬ £¬£¬Windows 2008 R2£¬£¬£¬£¬ £¬£¬Windows 2008

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708


Windows 2003£¬£¬£¬£¬ £¬£¬Windows XP
https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708


²Î¿¼Á´½Ó


https://www.securityfocus.com/bid/108273/info
https://www.tenable.com/blog/critical-remote-code-execution-vulnerability-cve-2019-0708-addressed-in-patch-tuesday-updates
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/?from=groupmessage&isappinstalled=0