高危漏洞預警 Windows系統 SMB/RDP遠程命令執行漏洞
2017年4月14日,國(guó)外黑客組織Shadow Brokers發(fā)出了NSA方程式組織的機密文檔,包含了多個Windows 遠程漏洞利用工具,該工具包可以可以覆蓋全球70%的Windows服務器,爲了确保您在阿裡(lǐ)雲上的業務安全,請您關注,具體漏洞詳情如下:
漏洞編号:
暫無
漏洞名稱:
Windows系統多個SMB\RDP遠程命令執行漏洞
官方評級:
高危
漏洞描述:
國(guó)外黑客組織Shadow Brokers發(fā)出了NSA方程式組織的機密文檔,包含了多個Windows 遠程漏洞利用工具,該工具包可以可以覆蓋全球70%的Windows服務器,可以利用SMB、RDP服務成(chéng)功入侵服務器。
漏洞利用條件和方式:
可以通過(guò)發(fā)布的工具遠程代碼執行成(chéng)功利用該漏洞。
漏洞影響範圍:
已知受影響的Windows版本包括但不限于:
Windows NT,Windows 2000、Windows XP、Windows 2003、Windows Vista、Windows 7、Windows 8,Windows 2008、Windows 2008 R2、Windows Server 2012 SP0。
漏洞檢測:
确定服務器對(duì)外開(kāi)啓了137、139、445、3389端口,排查方式如下:
外網計算機上telnet 目标地址445,例如:telnet 114.114.114.114 445
漏洞修複建議(或緩解措施):
1.針對(duì)使用中的Windows服務器
微軟已經(jīng)發(fā)出通告 ,強烈建議您直接使用 Windows Update 功能(néng)爲在使用中的ECS更新最新補丁或手工下載以下補丁安裝;
1)Windows Update更新補丁方式:點擊“開(kāi)始”->“控制面(miàn)闆”->“Windows Update” ,點擊“檢查更新”:
2)安裝更新:
3)檢查安裝結果,點擊“查看更新曆史記錄”,檢查安裝的補丁:
4)安裝完成(chéng)後(hòu),補丁安裝狀态爲“挂起(qǐ)”,重啓後(hòu)生效:
補丁鏈接
1.微軟公告MS17-010
https://technet.microsoft.com/zh-cn/library/security/MS17-010
對(duì)應漏洞編号:
CVE-2017-0143、CVE-2017-0144、CVE-2017-0145、CVE-2017-0146、CVE-2017-0147、CVE-2017-0148
補丁下載鏈接:
1)微軟補丁編号:KB4012212
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212
2)微軟補丁編号:KB4012213
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012213
3)微軟補丁編号:KB4012214
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012214
4)微軟補丁編号:KB4012215
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012215
5)微軟補丁編号:KB4012216
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012216
6)微軟補丁編号:KB4012217
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012217
7)微軟補丁編号:KB4012598
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
8)微軟補丁編号:KB4013198
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013198
9)微軟補丁編号:KB4013429
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429
10)微軟補丁編号:KB4012606
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012606
2.微軟公告MS10-061
https://technet.microsoft.com/zh-cn/library/security/MS10-061
對(duì)應漏洞編号:
CVE-2010-2729
補丁下載鏈接:
1)微軟補丁編号:KB2347290
http://www.microsoft.com/downloads/details.aspx?FamilyID=93FABA6B-0A85-4ACC-B527-A012BBF56B13&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=028977FD-0F39-42D4-9FEE-0D90A2931CFD&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=073B3305-4A81-4EF8-B6AA-E53B31A936B4&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=11E20088-1BE2-4166-9C97-234B7E9F1C4F&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=34619E9E-1F00-40E4-BE6F-5BBF5E3C801B&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=3D79680B-C071-462F-9CEA-551FBD42EDF0&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=C68B9337-883D-4E98-BA0A-90B5CAD46184&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=DBB747A5-658D-44CF-BD49-425D1700157F&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=E08D4F49-5A13-4E1D-B0A7-27B314C2EDB5&displayLang=zh-cn
http://www.microsoft.com/downloads/details.aspx?FamilyID=E2E788DE-8400-4BF6-B96B-A915154AA20A&displayLang=zh-cn
http://www.microsoft.com/downloads/en/details.aspx?familyid=098537D5-BF6E-4E04-AD33-1CDE697E062F&displaylang=en
http://www.microsoft.com/downloads/en/details.aspx?familyid=9F7F3737-056D-44BD-B644-51093B5B501B&displaylang=en
http://www.microsoft.com/downloads/en/details.aspx?familyid=CA35A520-C4DA-41BB-ABCC-D5BC534FF19A&displaylang=en
http://www.microsoft.com/downloads/en/details.aspx?familyid=D8C635F8-8978-44BF-B457-E07368F08EF4&displaylang=en
3.微軟公告MS14-068
https://technet.microsoft.com/zh-cn/library/security/MS14-068
對(duì)應漏洞編号:
CVE-2014-6324
補丁下載鏈接:
1)微軟補丁編号:KB3011780
http://www.microsoft.com/zh-CN/download/details.aspx?id=44960
http://www.microsoft.com/zh-CN/download/details.aspx?id=44970http://www.microsoft.com/en-us/download/details.aspx?id=44984
http://www.microsoft.com/zh-CN/download/details.aspx?id=44967http://www.microsoft.com/zh-CN/download/details.aspx?id=44971
http://www.microsoft.com/en-us/download/details.aspx?id=44983http://www.microsoft.com/zh-CN/download/details.aspx?id=44978
http://www.microsoft.com/zh-CN/download/details.aspx?id=44981http://www.microsoft.com/en-us/download/details.aspx?id=44973
http://www.microsoft.com/zh-CN/download/details.aspx?id=44982http://www.microsoft.com/zh-CN/download/details.aspx?id=44979
http://www.microsoft.com/zh-CN/download/details.aspx?id=44976http://www.microsoft.com/zh-CN/download/details.aspx?id=44965
4.微軟公告MS09-050
https://technet.microsoft.com/zh-cn/library/security/MS09-050
對(duì)應漏洞編号:
CVE-2009-2526、CVE-2009-2532、CVE-2009-3103
補丁下載鏈接:
1)微軟補丁編号:KB975517
https://www.microsoft.com/en-us/download/details.aspx?id=2578
https://www.microsoft.com/en-us/download/details.aspx?id=12010
https://www.microsoft.com/en-us/download/details.aspx?id=3486
https://www.microsoft.com/en-us/download/details.aspx?id=3195
https://www.microsoft.com/en-us/download/details.aspx?id=11858
5.微軟公告MS08-067
https://technet.microsoft.com/zh-cn/library/security/MS08-067
對(duì)應漏洞編号:
CVE-2008-4250
補丁下載鏈接:1)微軟補丁編号:KB958644
https://www.microsoft.com/en-us/download/details.aspx?id=11141
https://www.microsoft.com/en-us/download/details.aspx?id=16713
https://www.microsoft.com/en-us/download/details.aspx?id=18905
https://www.microsoft.com/en-us/download/details.aspx?id=19478
https://www.microsoft.com/en-us/download/details.aspx?id=20113
https://www.microsoft.com/en-us/download/details.aspx?id=21663
https://www.microsoft.com/en-us/download/details.aspx?id=21974
https://www.microsoft.com/en-us/download/details.aspx?id=3205
https://www.microsoft.com/en-us/download/details.aspx?id=3404
https://www.microsoft.com/en-us/download/details.aspx?id=530
https://www.microsoft.com/en-us/download/details.aspx?id=5873
https://www.microsoft.com/en-us/download/details.aspx?id=6185
https://www.microsoft.com/en-us/download/details.aspx?id=6203
https://www.microsoft.com/en-us/download/details.aspx?id=7605