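Service Announcement
Critical Vulnerability CVE-2024-38077
Published: 2024-08-12 14:06
According to the description, the Windows Remote Desktop Licensing service lacks a length check in a function that decodes data, which results in a heap overflow vulnerability. An unauthenticated remote attacker can exploit it by sending specially crafted packets to a server on which the Remote Desktop Licensing service has been set up. No user interaction is required, and successful exploitation may lead to remote arbitrary code execution and control of the server.
Exploitation requires the Remote Desktop Licensing service to be enabled (the service is not installed by default and has to be enabled manually, but it may be enabled by mistake when Remote Desktop Services is turned on).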
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2012 R2 [== KB5040456];
Windows Server 2012 (Server Core installation) [== KB5040485];
Windows Server 2012 [== KB5040485];
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) [== KB5040497];
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) [== KB5040498];
Windows Server 2008 R2 for x64-based Systems Service Pack 1 [== KB5040497];
Windows Server 2008 R2 for x64-based Systems Service Pack 1 [== KB5040498];
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) [== KB5040499];
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) [== KB5040490];
Windows Server 2008 for x64-based Systems Service Pack 2 [== KB5040499];
Windows Server 2008 for x64-based Systems Service Pack 2 [== KB5040490];
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) [== KB5040499];
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) [== KB5040490];
Windows Server 2008 for 32-bit Systems Service Pack 2 [== KB5040499];
Windows Server 2008 for 32-bit Systems Service Pack 2 [== KB5040490];
Windows Server 2016 (Server Core installation) [== KB5040434];
Windows Server 2016 [== KB5040434];
Windows Server 2022, 23H2 Edition (Server Core installation) [== KB5040438];
Windows Server 2022 (Server Core installation) [== KB5040437];
Windows Server 2022 [== KB5040437];
Windows Server 2019 (Server Core installation) [== KB5040430];
Windows Server 2019 [== KB5040430];
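2. Mitigation:
Unless the business requires it, disable the Windows Remote Desktop Licensing service.
Check whether the RDL service was installed and activated in the way described at the link below; if it was enabled by mistake, uninstall the related service: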
https://learn.microsoft.com/zh-cn/windows-server/remote/remote-desktop-services/rds-activate-license-server
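Self-check method:
Verify whether the Remote Desktop Licensing service is running
Steps:
1. Enter services.msc at the cmd command line to open the Services console
2. Check whether the Remote Desktop Licensing service exists and is enabled
3. If the service is absent, the affected service was not installed by default and the host is not affected. If the service exists, further determine whether the latest July 2024 patch is installed.
The operating system version that corresponds to the patch can be confirmed quickly as follows:
1. Check the system version
• Step 1: Hold the "Win+R" key combination to open the "Run" window.
• Step 2: Enter "winver" in the Run box and click OK.
• Step 3: The system opens a window that shows the Windows version information.
2. Version comparison: if the version is equal to or higher than the version listed below for the corresponding operating system, the vulnerability is not present; otherwise it is present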
Windows Server 2012 R2 (Server Core installation) Reference version: 6.3.9600.22074
Windows Server 2012 R2 Reference version: 6.3.9600.22074
Windows Server 2012 (Server Core installation) Reference version: 6.2.9200.24975
Windows Server 2012 Reference version: 6.2.9200.24975
Windows Server 2008 R2 for x64 based Systems Service Pack (Server Core installation) Reference version: 6.1.7601.27219
Windows Server 2008 R2 for x64 based Systems Service Pack 1 Reference version: 6.1.7601.27219
Windows Server 2008 for x64 based Systems Service Pack 2 (Server Core installation) Reference version: 6.0.6003.22769
Windows Server 2008 for x64 based Systems Service Pack 2 Reference version: 6.0.6003.22769
Windows Server 2008 for 32 bit Systems Service Pack 2 (Server Core installation) Reference version: 6.0.6003.22769
Windows Server 2008 for 32 bit Systems Service Pack 2 Reference version: 6.0.6003.22769
Windows Server 2016 (Server Core installation) Reference version: 10.0.14393.7159
Windows Server 2016 Reference version: 10.0.14393.7159
Windows Server 2022, 23H2 Edition (Server Core installation) Reference version: 10.0.25398.1009
Windows Server 2022 (Server Core installation) Reference version: 10.0.20348.2582
Windows Server 2022 Reference version: 10.0.20348.2582
Windows Server 2019 (Server Core installation) Reference version: 10.0.17763.6054
Windows Server 2019 Reference version: 10.0.17763.6054
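The self-check above (is the service present, and is the version at or above the listed reference version) applied to a whole server inventory, as an added example that is not part of the original announcement. It assumes the version strings and service state were collected beforehand; the host names, inventory entries and function names are constructed for illustration.

```python
# Added example: triage per the announcement's self-check.
# Reference versions are the ones listed above, keyed by major.minor.build.
FIXED = {
    (6, 0, 6003): 22769,    # Windows Server 2008 SP2
    (6, 1, 7601): 27219,    # Windows Server 2008 R2 SP1
    (6, 2, 9200): 24975,    # Windows Server 2012
    (6, 3, 9600): 22074,    # Windows Server 2012 R2
    (10, 0, 14393): 7159,   # Windows Server 2016
    (10, 0, 17763): 6054,   # Windows Server 2019
    (10, 0, 20348): 2582,   # Windows Server 2022
    (10, 0, 25398): 1009,   # Windows Server 2022, 23H2 Edition
}

def parse_version(text):
    """Split 'major.minor.build.revision' into four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.build.revision, got {text!r}")
    return tuple(int(p) for p in parts)

def triage(os_version, rdl_service_present):
    """Return 'not affected', 'patched', 'vulnerable' or 'unknown' for one host."""
    if not rdl_service_present:
        return "not affected"          # step 3: the service is not installed
    major, minor, build, revision = parse_version(os_version)
    fixed_revision = FIXED.get((major, minor, build))
    if fixed_revision is None:
        return "unknown"               # build branch not in the list above
    # Compare as integers: as strings, "10000" would sort below "6054".
    return "patched" if revision >= fixed_revision else "vulnerable"

# Constructed inventory (hypothetical hosts, versions and service state).
INVENTORY = [
    ("lic01", "10.0.17763.5936", True),
    ("lic02", "10.0.17763.10000", True),
    ("web01", "10.0.20348.2527", False),
    ("old01", "6.3.9600.22074", True),
    ("lab01", "10.0.19045.4651", True),
]

def report(inventory=INVENTORY):
    """Map each host name to its triage verdict."""
    return {host: triage(ver, svc) for host, ver, svc in inventory}

if __name__ == "__main__":
    for host, verdict in report().items():
        print(f"{host}: {verdict}")
```

Hosts reported as "unknown" run a build branch that the list above does not cover and need a manual check.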