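Microsoft recently disclosed CVE-2024-38077, a critical remote code execution vulnerability with a CVSS score of 9.8, which can lead to the complete compromise of Windows servers that have the Remote Desktop Licensing service enabled. The vulnerability affects all versions from Windows Server 2000 to Windows Server 2025 and has existed for nearly 30 years. It can be exploited reliably and used for remote control, ransomware and worm propagation, so its destructive potential is very high; an attacker needs no privileges to achieve remote code execution. The vulnerability resides in the Windows Remote Desktop Licensing service (RDL), which is widely deployed on servers that have Windows Remote Desktop (port 3389) enabled and is used to manage Remote Desktop connection licenses. An attacker needs no preconditions and no user interaction (zero-click) to directly obtain the highest privileges on the server and perform arbitrary operations.
Before fixing the vulnerability, you need to meet the following Microsoft requirements; otherwise you will not be able to install the patch:
Requirement 1: "Servicing stack updates". Sometimes the internal Windows Update process or a specific Windows OS update will fail. To help reduce or resolve these failures, follow this guideline: before attempting to install any Windows update (always), make sure the latest Windows SSU is installed.
Requirement 2: "2019 SHA-2 Code Signing Support requirement for Windows and WSUS". Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) must have SHA-2 code signing support installed on their devices in order to install updates released in or after July 2019.
Microsoft's remediation page for CVE-2024-38077 is: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077
According to Microsoft's latest requirements, before installing the CVE-2024-38077 patch you need to install the prerequisite patch, the servicing stack update (SSU); systems running legacy OS versions need SHA-2 code signing support (kb4474419) installed on the device; and systems that have reached end of support need an ESU license. Downloading the patches is rather tedious, so the author has compiled the patches for each system: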
| No. | OS version | Prerequisite patch | Vulnerability patch |
| --- | --- | --- | --- |
| 1 | Windows Server 2022 | KB5025230 | KB5040437 |
| 2 | Windows Server 2019 | kb5005112 | KB5040430 |
| 3 | Windows Server 2016 | kb5040562 | KB5040434 |
| 4 | Windows Server 2012 R2 | KB5040569 | KB5040456 |
| 5 | Windows Server 2012 | KB5040570 | KB5040485 |
| 6 | Windows Server 2008 R2 | kb5039339, kb4474419 | KB5040498 |
| 7 | Windows Server 2008 x64 | kb5039341 | KB5040490 |
| 8 | Windows Server 2008 x86 | kb5039341 | KB5040490 |
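
To confirm on a given server which of the patches in the table are already installed, the following PowerShell check can be run locally. It is an added example, not part of the original article or of Microsoft's guidance. The KB numbers come from the table above; the function name, the OS version-to-release mapping and the service name `TermServLicensing` (Remote Desktop Licensing) are assumptions of this example.

```powershell
# Added example. KB numbers are copied from the table above; the last KB in each
# list is the vulnerability patch, the ones before it are the prerequisites.
# Assumption: keys are Win32_OperatingSystem.Version prefixes for each release.
$kbTable = @{
    '10.0.20348' = @{ Name = 'Windows Server 2022';    Kbs = 'KB5025230', 'KB5040437' }
    '10.0.17763' = @{ Name = 'Windows Server 2019';    Kbs = 'KB5005112', 'KB5040430' }
    '10.0.14393' = @{ Name = 'Windows Server 2016';    Kbs = 'KB5040562', 'KB5040434' }
    '6.3'        = @{ Name = 'Windows Server 2012 R2'; Kbs = 'KB5040569', 'KB5040456' }
    '6.2'        = @{ Name = 'Windows Server 2012';    Kbs = 'KB5040570', 'KB5040485' }
    '6.1'        = @{ Name = 'Windows Server 2008 R2'; Kbs = 'KB5039339', 'KB4474419', 'KB5040498' }
    '6.0'        = @{ Name = 'Windows Server 2008';    Kbs = 'KB5039341', 'KB5040490' }
}

function Get-Cve202438077PatchStatus {   # hypothetical helper name
    # Get-WmiObject is used so the check also runs on Windows PowerShell 2.0.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    if ($os.ProductType -eq 1) {
        Write-Warning 'Client OS detected; the table covers Windows Server only.'
        return
    }
    $ver = $os.Version + '.'
    $key = $kbTable.Keys | Where-Object { $ver.StartsWith($_ + '.') }
    if (-not $key) {
        Write-Warning "No table entry for OS version $($os.Version)."
        return
    }
    $entry     = $kbTable[$key]
    $kbs       = @($entry.Kbs)
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

    # The RDL role service only exists where Remote Desktop Licensing is installed.
    $svc = Get-Service -Name 'TermServLicensing' -ErrorAction SilentlyContinue
    $rdl = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }

    for ($i = 0; $i -lt $kbs.Count; $i++) {
        $role = if ($i -eq $kbs.Count - 1) { 'VulnerabilityPatch' } else { 'Prerequisite' }
        New-Object PSObject -Property @{
            OS         = $entry.Name
            Role       = $role
            KB         = $kbs[$i]
            Installed  = ($installed -contains $kbs[$i])   # case-insensitive match
            RdlService = $rdl
        } | Select-Object OS, Role, KB, Installed, RdlService
    }
}

Get-Cve202438077PatchStatus | Format-Table -AutoSize
```

`Get-HotFix` only lists the KB IDs recorded on the machine, so a server that has a later cumulative update superseding the listed KB will show `Installed = False` for it; check the installed update history before treating that as unpatched.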
[1] Servicing stack updates: https://learn.microsoft.com/zh-cn/windows/deployment/update/servicing-stack-updates#what-is-a-servicing-stack-update
[2] 2019 SHA-2 Code Signing Support requirement for Windows and WSUS: https://support.microsoft.com/zh-cn/topic/针对-windows-和-wsus-的-2019-sha-2-代码签名支持要求-64d1c82d-31ee-c273-3930-69a4cde8e64f
[3] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077?spm=wolai.workspace.0.0.6d004f9e5sU3XA
[4] kb4474419: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu
[5] KB5025230: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5025230
[6] KB5040437: https://catalog.update.microsoft.com/Search.aspx?spm=wolai.workspace.0.0.6d004f9e5sU3XA&q=KB5040437
[7] kb5005112: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2021/08/windows10.0-kb5005112-x64_81d09dc6978520e1a6d44b3b15567667f83eba2c.msu
[8] KB5040430: https://catalog.update.microsoft.com/Search.aspx?q=KB5040430
[9] kb5040562: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/07/windows10.0-kb5040562-x64_cef5da8db3d043f85378126b220a5286bcfbf25b.msu
[10] KB5040434: https://catalog.update.microsoft.com/Search.aspx?q=KB5040434
[11] KB5040569: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/07/windows8.1-kb5040569-x64_34fb2b6ce232e9ddaab4dada6f3fbb6a4c642918.msu
[12] KB5040456: https://catalog.update.microsoft.com/Search.aspx?q=KB5040456
[13] KB5040570: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/07/windows8-rt-kb5040570-x64_a35abae859610e4df260d327e666c65ae48d238c.msu
[14] KB5040485: https://catalog.update.microsoft.com/Search.aspx?q=KB5040485
[15] kb5039339: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/06/windows6.1-kb5039339-x64_f62846508976a6e5325ab1dca0783f9b3a60a564.msu
[16] kb4474419: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu
[17] KB5040498: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498
[18] kb5039341: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/06/windows6.0-kb5039341-x64_2dfad504a6771157472ed3647d021e7b3211c505.msu
[19] KB5040490: https://catalog.update.microsoft.com/Search.aspx?q=KB5040490
[20] kb5039341: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/06/windows6.0-kb5039341-x86_7a86cb8540059ece4f1a420d62392446dfc8c80d.msu
[21] KB5040490: https://catalog.update.microsoft.com/Search.aspx?q=KB5040490