Microsoft August Security Update: Warning on Multiple High-Risk Vulnerabilities

Security Advisory

On August 13, 2019, Microsoft released its August security update. It includes several potentially exploitable Remote Desktop Services remote code execution vulnerabilities (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226), as well as CVE-2019-1224 and CVE-2019-1225, which could lead to information disclosure. Advisories:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-1181

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-1182

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-1222

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-1226

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-1224

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-1225

According to the advisories, these vulnerabilities are similar to CVE-2019-0708, the Remote Desktop Services remote code execution vulnerability published on May 14: they require neither authentication nor user interaction, and an attacker who successfully exploits them can execute arbitrary code on the target system. Installing the security update as soon as possible is recommended.

CVE-2019-0708 advisory:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-0708

The monthly security update also includes several HTTP/2 protocol stack (HTTP.sys) denial-of-service vulnerabilities (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513 and CVE-2019-9518). Successful exploitation can cause the target system to stop responding, resulting in denial of service. Advisories:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-9511

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-9512

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-9513

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-9518

August release notes:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d



Affected Versions

Systems affected by CVE-2019-1181 and CVE-2019-1182:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Systems affected by CVE-2019-1222 and CVE-2019-1226:

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Systems affected by CVE-2019-1224 and CVE-2019-1225:

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Systems affected by CVE-2019-9511, CVE-2019-9512, CVE-2019-9513 and CVE-2019-9518:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)


Scope of Exposure

Statistics from the 安恒研究院 (DBAPPSecurity Research Institute) SUMAP platform on Windows Remote Desktop Services assets worldwide (default TCP port 3389) show the following latest distribution:



Statistics from the same SUMAP platform on Windows Remote Desktop Services assets within China (default TCP port 3389) show the following latest distribution:



Mitigations

High risk: detailed analysis and exploit code for these vulnerabilities have not yet been made public, but attackers can locate the trigger point by diffing the patch and then develop an exploit. Install the security update as soon as possible or apply hardening configuration.

Security operations recommendations for hosts with Remote Desktop Services enabled:

Enabling Network Level Authentication (NLA) is recommended, as it mitigates exploitation attempts: select "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)".



If Remote Desktop must remain enabled for system administration, use the Windows Firewall or an IPsec policy to restrict source IPs, so that only designated addresses may connect;

Enable the local security policy (Account Policies > Password Policy): turn on "Password must meet complexity requirements" and "Minimum password length", and enable an account lockout threshold;

Consider two-factor authentication, for example a dynamic key (one-time token) mechanism;

Keep security updates current. The Remote Desktop Protocol (RDP) service runs in the kernel, so the system must be restarted after installing the update for it to take effect;

Enable system logging or network security device logging to record and archive the source IPs that access this port, so that intrusion attempts can be reported and analysed;

Consider deploying traffic analysis equipment at the core switch to detect password brute-force attacks against the Remote Desktop Services port (default TCP 3389) and promptly apply access-restriction policies to attacking IPs.
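As an added example that is not part of the original advisory, the following PowerShell script implements the logging recommendation on the host side: it groups failed logons (Security event 4625) by source address over a time window so that brute-force sources can be identified and fed into the firewall or IPsec restriction above. The 24-hour window and the threshold of 20 attempts are constructed defaults.

```powershell
# Added example (not from the advisory): summarise failed logons from the Security log
# (event 4625) by source IP to spot brute force against an exposed RDP listener.
# Run elevated; $Hours and $Threshold are constructed defaults to tune per environment.
param([int]$Hours = 24, [int]$Threshold = 20)

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
          -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the named EventData fields rather than relying on positional Properties indices.
    $d = @{}
    ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    # With NLA enabled, RDP failures are logged as LogonType 3 (network, CredSSP) rather
    # than 10 (RemoteInteractive), so both types are kept.
    if (($d['LogonType'] -in '3', '10') -and $d['IpAddress'] -and $d['IpAddress'] -ne '-') {
        [pscustomobject]@{
            Time      = $e.TimeCreated
            SourceIp  = $d['IpAddress']
            User      = $d['TargetUserName']
            LogonType = $d['LogonType']
            SubStatus = $d['SubStatus']   # 0xC000006A bad password, 0xC0000064 unknown user
        }
    }
}

$summary = $rows | Group-Object SourceIp | ForEach-Object {
    [pscustomobject]@{
        SourceIp      = $_.Name
        Attempts      = $_.Count
        DistinctUsers = @($_.Group.User | Sort-Object -Unique).Count
        UnknownUsers  = @($_.Group | Where-Object SubStatus -eq '0xc0000064').Count
        First         = @($_.Group.Time | Sort-Object)[0]
        Last          = @($_.Group.Time | Sort-Object)[-1]
        Alert         = $_.Count -ge $Threshold
    }
} | Sort-Object Attempts -Descending

$summary | Format-Table -AutoSize

# Sources over the threshold are candidates for the source-IP restriction recommended
# above (block them, or scope the TCP 3389 rule to known administrative addresses).
$summary | Where-Object Alert | Select-Object -ExpandProperty SourceIp
```

A high UnknownUsers count next to many distinct user names points at spraying rather than a mistyped password from a legitimate administrator.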

For the HTTP/2 protocol stack (HTTP.sys) denial-of-service vulnerabilities, a registry setting can be used as a temporary mitigation:

Under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters, set the EnableHttp2Tls and EnableHttp2Cleartext values to one of the following:

Set to 0 to disable HTTP/2

Set to 1 to enable HTTP/2
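The following PowerShell script is an added example, not part of the original advisory or a Microsoft tool. It audits a single host for the NLA, firewall-scope and HTTP.sys registry items above, checks coarsely whether anything has been patched since the August 13 release, and optionally writes the HTTP/2 workaround. The registry paths are the standard Windows locations; the -ApplyHttp2Mitigation switch and the finding names are my own.

```powershell
# Added example (not from the advisory): audit a host for the RDP/HTTP.sys items above.
# Read-only unless -ApplyHttp2Mitigation is given; run from an elevated PowerShell session.
param([switch]$ApplyHttp2Mitigation)

$tsRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp  = "$tsRoot\WinStations\RDP-Tcp"
$httpKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'

function Get-RegValue($Path, $Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}
function New-Finding($Check, $Value, [bool]$Pass) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass }
}
$findings = @()

# 1. Exposure: fDenyTSConnections = 1 means Remote Desktop is switched off entirely.
$rdpEnabled = (Get-RegValue $tsRoot 'fDenyTSConnections') -ne 1
$findings += New-Finding 'RDP enabled (informational)' $rdpEnabled $true

# 2. NLA: UserAuthentication = 1 is what the "(recommended)" option in the RDP settings writes.
$nla = Get-RegValue $rdpTcp 'UserAuthentication'
$findings += New-Finding 'NLA required (UserAuthentication = 1)' $nla ((-not $rdpEnabled) -or ($nla -eq 1))

# 3. Source restriction: enabled inbound allow rules on TCP 3389 whose remote scope is still Any.
$openRules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq '3389' } | Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })
$findings += New-Finding 'TCP 3389 rules open to Any' ($openRules.Name -join ', ') ($openRules.Count -eq 0)

# 4. HTTP.sys workaround: both DWORDs must be 0 to disable HTTP/2; an absent value means enabled.
foreach ($name in 'EnableHttp2Tls', 'EnableHttp2Cleartext') {
    if ($ApplyHttp2Mitigation) {
        New-ItemProperty -Path $httpKey -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
    $v = Get-RegValue $httpKey $name
    $shown = if ($null -eq $v) { 'not set (HTTP/2 enabled)' } else { $v }
    $findings += New-Finding "HTTP.sys $name = 0" $shown ($v -eq 0)
}

# 5. Patch currency (coarse): newest hotfix installed on or after the 13 Aug 2019 release.
#    The definitive check is the KB number listed in the release notes linked above.
$latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$patchOk = [bool]$latest -and $latest.InstalledOn -ge [datetime]'2019-08-13'
$findings += New-Finding 'Hotfix since 2019-08-13' "$($latest.HotFixID) $($latest.InstalledOn)" $patchOk

$findings | Format-Table -AutoSize
```

Restart the host after applying the HTTP/2 workaround so HTTP.sys re-reads its Parameters key, and re-run the script to confirm every row shows Pass = True.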

Threat projection: these are remote code execution vulnerabilities. Given the number of systems worldwide with the service enabled and the port exposed on the internet, malicious actors may develop automated attack tooling that, after successful exploitation, plants a backdoor and goes on to drop cryptominers, DDoS bot trojans or other malware for worm-like propagation, disrupting normal service delivery.


Microsoft patch recommendation: Microsoft releases security updates on the second Tuesday of each month. Enterprises are advised to subscribe to and follow the official security update announcements, and to test and deploy patches promptly.



Source: WeChat official account 雷神众测
