Report number: B6-2019-052001
Update date: 2019-05-20
0x00 Incident background
On May 15 (Beijing time), Microsoft disclosed a critical remote code execution vulnerability in Windows Remote Desktop Services, CVE-2019-0708. An attacker who successfully exploits it can run arbitrary code on the target system: obtain sensitive information, execute code remotely, launch denial-of-service attacks and so on. More seriously, exploitation requires no user interaction, so an attacker could build a worm on this flaw that, like WannaCry in 2017, sweeps across the whole world, spreading and causing damage on a large scale.

0x01 Impact scope
Affected versions: Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003, Windows XP.
Roughly 4 million hosts worldwide, about 900,000 of them in China, currently expose Remote Desktop Services to the Internet. Once exploit code is made public, these hosts may become targets at any time.

Because the vulnerability is pre-authentication and needs no user interaction, it allows remote code execution without any action by the user. This means it can be used to build automated, large-scale, unconditional worm attacks that spread through an entire network like a bush fire, and could ultimately lead to a repeat of the WannaCry ransomware worm driven by the "EternalBlue" exploit.
0x02 Vulnerability detection
360 Security Brain already has a corresponding PoC verification capability and a non-destructive remote scanning capability. Through in-depth analysis and research by the vulnerability experts of 360 Security Brain, 360 has formed an integrated plan of verification, remediation, detection and scanning, hot patching and practical defense for this vulnerability, and has exclusively released worldwide the 360 RDP remote vulnerability non-destructive scanning tool.

The advantage of this tool is that it requires no deployment: it can instantly verify a large number of systems (on intranets as well as the public network) without any adverse effect on the systems tested. Compared with destructive PoC-based scanning and verification, the 360 RDP non-destructive scanning tool never triggers the vulnerability, so it does not cause the blue screens or crashes that PoC tools do; the scanned system stays stable and responsive and is not affected in any way.

The figure below shows a remote check of a host on which the vulnerability has not been patched:

The figure below shows a remote check of a host on which the vulnerability has been patched:
0x03 Security recommendations
- Raise security awareness: do not casually open e-mails, documents or links of unknown origin, and promptly apply patches for the operating system and commonly used software such as IE and Flash.
- Back up important documents and data regularly, so that they can be recovered in time if files are damaged or lost.
- Set sufficiently complex passwords on computers: at least 8 characters, including digits, upper- and lower-case letters and symbols. Do not use weak passwords that an attacker could crack.
- Do not expose Remote Desktop Services (RDP, default port 3389) on the public network. If it really must be opened for remote maintenance, allow access only after logging in through a VPN. Close unneeded ports such as 445, 139 and 135.
- Users are advised to download the 360 Remote Desktop Services vulnerability immunity tool from http://dl.360safe.com/leakfixer/360SysVulTerminator_CVE-2019-0708.exe, fix the vulnerability, and protect the security of their systems and data.

According to current monitoring by 360 Security Brain, because this vulnerability affects Windows servers, many servers of government and enterprise organizations (on both the public network and intranets) are still either unpatched, or patched but not yet restarted, and therefore remain at risk. 360 has exclusively released worldwide the RDP remote vulnerability non-destructive scanning tool; network administrators of enterprises or institutions who need it can send their company or organization name and contact details to cert@360.cn, and we will get in touch as soon as possible.
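As an added example (not 360CERT's scanning tool and not code from this advisory), the following PowerShell script audits a single Windows host against the points above: whether RDP is enabled and actually listening, whether the fix is installed, whether an installed update is still waiting for a restart (the "patched but not restarted" case noted above), and, with -BlockPorts, adds inbound firewall block rules for TCP 445, 139 and 135. The KB numbers are an assumption you supply from the Microsoft advisory linked under 0x05; the script only reads local configuration and never speaks the RDP protocol, so it cannot crash the host. The registry paths, reboot-pending keys, Get-HotFix, netstat and netsh advfirewall are standard Windows facilities available on Vista/Server 2008 and later (XP and 2003 lack netsh advfirewall), and the syntax is kept PowerShell 2.0 compatible for Windows 7 / Server 2008 R2.

```powershell
# Added example, not 360CERT's scanner: audit one Windows host against the
# mitigations recommended above. Reads local configuration only; never touches RDP.
# -PatchKb is an assumption: pass the KB number(s) for this host's OS as listed in
# the Microsoft advisory linked under 0x05.
param(
    [string[]]$PatchKb = @(),
    [switch]$BlockPorts
)

function Test-PendingReboot {
    # Windows Update and Component Based Servicing create these keys when an
    # installed update (such as the RDS fix) still needs a restart to take effect.
    $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wu  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    return ($cbs -or $wu)
}

function Get-RdpStatus {
    $ts   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $port = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').PortNumber
    # netstat is used because Get-NetTCPConnection does not exist on Windows 7 / Server 2008 R2.
    $listener = netstat -ano | Select-String "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING"
    New-Object PSObject -Property @{
        Enabled   = ($ts.fDenyTSConnections -eq 0)   # 1 = remote connections denied
        Port      = $port
        Listening = [bool]$listener
    }
}

function Test-PatchInstalled([string[]]$KbIds) {
    if (-not $KbIds) { return $null }   # unknown: no KB supplied to look for
    $installed = Get-HotFix | ForEach-Object { $_.HotFixID }
    foreach ($kb in $KbIds) { if ($installed -contains $kb) { return $true } }
    return $false
}

function Block-LegacyPorts {
    # Inbound block rules for the ports the advisory says to close. netsh is used
    # because the NetSecurity cmdlets are not available on the affected OS versions.
    foreach ($p in 445, 139, 135) {
        netsh advfirewall firewall add rule name="CVE-2019-0708-block-tcp-$p" dir=in action=block protocol=TCP localport=$p | Out-Null
    }
}

$rdp     = Get-RdpStatus
$patched = Test-PatchInstalled $PatchKb
$reboot  = Test-PendingReboot

"RDP enabled     : $($rdp.Enabled)"
"RDP listening   : $($rdp.Listening) (TCP $($rdp.Port))"
"Patch installed : $(if ($null -eq $patched) { 'unknown (no KB given)' } else { $patched })"
"Reboot pending  : $reboot"

# A listening RDP service on a host that is unpatched, or patched but not yet
# restarted, is exactly the exposed state described in the advisory.
if ($rdp.Listening -and ($patched -eq $false -or $reboot)) {
    Write-Warning 'RDP is reachable and the fix is not in effect: patch and restart, or keep this host off the public network until done.'
}
if ($BlockPorts) { Block-LegacyPorts }
```

Run it from an elevated PowerShell, e.g. `.\Audit-Rdp.ps1 -PatchKb <KB from the advisory> -BlockPorts` (the script name is hypothetical). A host that reports RDP listening is still exposed to the network even when the patch is present until the pending restart has completed, which is why the two checks are combined in the final warning; the firewall rules only cover the extra ports the advisory lists, and RDP itself should be reachable only through a VPN as recommended above.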
0x04 Timeline
2019-05-14 Microsoft releases the official security advisory
2019-05-15 360CERT releases an early warning

0x05 References
- https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708