1. Security announcement
On May 14, 2019, Microsoft released this month's security updates, which include a patch for a remote code execution vulnerability in RDP (Remote Desktop Services). The corresponding CVE number is CVE-2019-0708. Related links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
Microsoft describes this patch as follows:
The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. This means that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer, in a way similar to how the WannaCry malware spread across the globe in 2017. Although we have not yet observed exploitation of this vulnerability, it is likely that malicious attackers will write an exploit for it and incorporate it into malware. What is important now is to patch affected systems as soon as possible, to prevent this scenario from happening.
To address this security issue, Microsoft has provided security updates for all customers to protect Windows platforms, and has additionally provided security updates for some unsupported Windows versions (Windows 2003 and Windows XP), which also reflects the seriousness of this issue.
2. Affected versions
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core Installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core Installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core Installation)
Windows XP SP3 x86
Windows XP Professional x64 Edition SP2
Windows XP Embedded SP3 x86
Windows Server 2003 SP2 x86
Windows Server 2003 x64 Edition SP2
3. Scope of impact
Asset statistics from the An Heng Academy SUMAP platform for hosts worldwide that expose the Remote Desktop Protocol (RDP, TCP port 3389); the distribution from the latest query is as follows:
Asset statistics from the An Heng Academy SUMAP platform for domestic hosts that expose the Remote Desktop Protocol (RDP, TCP port 3389); the distribution from the latest query is as follows:
4. Mitigation measures
For the patch updates for Windows 7, Windows Server 2008 R2 and Windows Server 2008, refer to the Microsoft Security Update Guide at: https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2019-0708.
If the current Windows system is a version that Microsoft supports, customers who have enabled automatic updates will receive this patch automatically.
If the current Windows system is a version that Microsoft no longer supports (Windows 2003 and Windows XP), the best way to address this vulnerability is to upgrade to the latest version of Windows. Microsoft has also released security patch KB4500705 for these older operating systems (Windows 2003 and Windows XP) to fix this vulnerability. The patch is available at: https://support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708.
Customers running Windows 8 and Windows 10 are not affected by this vulnerability. Enabling Network Level Authentication (NLA) on affected systems provides partial mitigation. Because NLA requires authentication before the vulnerability can be triggered, affected systems can resist "wormable" malware or advanced malware threats that might exploit this vulnerability. However, if an attacker has valid credentials that can be used to authenticate successfully, affected systems are still vulnerable to remote code execution (RCE). For these reasons, Microsoft strongly recommends updating all affected systems as soon as possible, regardless of whether NLA is enabled.
5. Security operations recommendations
High risk: A detailed analysis of this vulnerability and exploit code for it have not yet been made public. However, attackers can locate the trigger point of the vulnerability by comparing the patched and unpatched code, and then develop exploit code. We recommend applying the security update as soon as possible or applying a security hardening configuration.
If Remote Desktop does not need to be open for system administration, consider disabling these services, in line with security best practice. Disabling services that are unused and unneeded helps reduce the likelihood of security vulnerabilities.
If Remote Desktop does need to be open for system administration, we recommend enabling the system firewall or an IP security policy to restrict source IPs, that is, allow access only from specified IPs;
Enable the local security policy (Account Policies - Password Policy). We recommend requiring that passwords meet complexity requirements and a minimum length, and enabling an account lockout threshold;
Consider two-factor authentication, for example by enabling dynamic keys;
Keep system security patches up to date. The Remote Desktop Protocol (RDP) is a kernel service, so the system must be restarted after the security update is installed for it to take effect;
Enable system logging or network security logging to record and archive the source IPs that access this port, to support early warning and analysis of intrusion attempts;
Consider deploying traffic analysis equipment at the core switching devices to detect brute-force password attacks against the RDP port, and promptly apply access restriction policies to the attacking IPs.
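
The last two recommendations above (recording the source IPs that reach the RDP port and detecting brute-force password attempts) can be prototyped as below. This is an added example, not code from the original article; the CSV export layout, the sample events and the threshold and window values are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Security-log events exported as CSV (column layout is assumed).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 = RemoteInteractive;
# type 3 = Network, which is how RDP logons are recorded when NLA is enabled.
SAMPLE_LOG = """\
time,event_id,logon_type,source_ip,account
2019-05-20T02:10:01,4625,3,203.0.113.7,administrator
2019-05-20T02:10:04,4625,3,203.0.113.7,admin
2019-05-20T02:10:09,4625,3,203.0.113.7,test
2019-05-20T02:10:15,4625,3,203.0.113.7,administrator
2019-05-20T02:10:21,4625,3,203.0.113.7,backup
2019-05-20T02:11:02,4624,3,203.0.113.7,backup
2019-05-20T09:00:00,4625,10,198.51.100.20,alice
2019-05-20T09:00:30,4624,10,198.51.100.20,alice
2019-05-20T09:05:00,4625,2,-,bob
"""

RDP_LOGON_TYPES = {"3", "10"}  # type 3 also covers other network logons; tune per host

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logons inside one sliding window.
    Returns {ip: {"failures": n, "accounts": set, "success_after": bool}}."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    accounts = defaultdict(set)   # ip -> account names that were tried
    flagged = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue              # ignore console and service logons
        ip, ts = row["source_ip"], datetime.fromisoformat(row["time"])
        if row["event_id"] == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()       # drop failures older than the window
            accounts[ip].add(row["account"])
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "accounts": accounts[ip], "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif row["event_id"] == "4624" and ip in flagged:
            flagged[ip]["success_after"] = True  # a logon succeeded after the burst
    return flagged

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, info["failures"], sorted(info["accounts"]), info["success_after"])
```

An IP flagged with `success_after` set deserves immediate review, since with valid credentials the NLA mitigation described in section 4 no longer applies.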
Threat projection: This is a remote code execution vulnerability. Given the number of users of this product worldwide and the exposure of the port on the internet, malicious attackers may develop automated attack programs targeting this vulnerability that, after successful exploitation, automatically implant a backdoor and then deliver further malicious programs such as mining programs or DDoS bot trojans, achieving worm-like propagation and thereby affecting the normal provision of system services.
Microsoft patch update recommendation: Microsoft releases security updates regularly on the second Tuesday of every month. We recommend that enterprises subscribe to and follow the official security update announcements, and check for or apply patches promptly.
This article is reprinted from the An Heng Emergency Response Center