佚名MYHACK58:62201995523Windows Remote Desktop Services remote command execution vulnerability, CVE-2019-1181/1182-a vulnerability warning-the black bar safety net
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
One, Foreword
GMT + 8 on 14 October, Microsoft released a set for the Remote Desktop service repair program, which includes two critical remote code execution(RCE)vulnerability CVE-2019-1181 and CVE-2019-1182。 With the prior repair of the“BlueKeep”vulnerability, CVE-2019-0708)the same. This also means that an attacker can use the vulnerability to make similar to 2017 swept the world of WannaCry class of worm virus, large-scale spread and destruction.
!
Second, the vulnerability profile
Remote Desktop Services formerly known as Terminal Services in remote code execution vulnerability exists when an unauthenticated attackers use RDP to connect to the target system and send a specially crafted request, an attacker can be on the target system, execute arbitrary code, the attacker could then install programs, view, change, or delete data; or create full user permissions to the new account. To exploit this vulnerability, an attacker would only need to via RDP to the target system the Remote Desktop service send a malicious request.
Third, the vulnerability to hazards
Successful exploitation of this vulnerability an attacker can be on the target system, execute arbitrary code, the attacker could then install programs, view, change, or delete data; or create full user permissions to the new account.
Fourth, the scope of the impact
Product
Windows operating systems
Version
Windows 7 SP1
Windows Server 2008 R2 SP1
Windows Server 2012
Windows 8.1
Windows Server 2012 R2
All the supported edition of Windows 10, including server version component
Remote Desktop Services
Five, the solution
Official patch
Through the Windows operating systemin the Automatic Update feature to be updated
Temporary solution recommendations
1, disable remote desktop services
2, in the firewall for Remote Desktop Services port(3389)is blocked
3, open the Remote Desktop service enabled on the server the network authentication
Sixth, the reference
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/?from=timeline
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
The above is the high-risk vulnerability and early warning related information, if you have any questions or need more support, you can contact us.
Contact phone: 400-156-9866
Email: [email protected]
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%