长亭百川云 (Chaitin Baichuan Cloud) - Article Details

Quick Remediation Guide for the Critical Microsoft Vulnerability "MadLicense"

outmansec


2024-08-09

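1. Vulnerability Overview

Microsoft recently disclosed a critical remote code execution vulnerability, CVE-2024-38077, with a CVSS score of 9.8. It can lead to full compromise of Windows servers that have the Remote Desktop Licensing service enabled. The vulnerability affects all versions from Windows Server 2000 to Windows Server 2025 and has existed for nearly 30 years. It can be exploited reliably and can be used for remote control, ransomware, worm propagation and more, so its destructive potential is very high; an attacker needs no privileges to achieve remote code execution. The vulnerability lies in the Windows Remote Desktop Licensing service (RDL), which is widely deployed on servers that have Windows Remote Desktop (port 3389) enabled and is used to manage Remote Desktop connection licenses. An attacker needs no preconditions and no user interaction (zero-click) to obtain the highest privileges on the server and perform arbitrary operations.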

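2. Vulnerability Remediation

Before fixing the vulnerability, you must meet the following Microsoft requirements; otherwise you will not be able to install the patch:

Requirement 1: "Servicing stack updates". Sometimes the internal Windows Update process or specific Windows OS updates fail. To help reduce or resolve these failures, follow this guideline: always make sure the latest Windows SSU is installed before attempting to install any Windows update.

Requirement 2: "2019 SHA-2 Code Signing Support requirement for Windows and WSUS". Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) must have SHA-2 code signing support installed on their devices in order to install updates released in or after July 2019.

Microsoft's remediation page for CVE-2024-38077 is: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077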

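3. Patch Download

According to Microsoft's latest requirements, before installing the CVE-2024-38077 patch you need to install the prerequisite patch, the servicing stack update (SSU). Legacy OS versions also need SHA-2 code signing support (kb4474419) installed, and systems that have reached end of support need an ESU license. Downloading the patches is rather tedious, so the author has sorted them out by system: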





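| No. | System version | Prerequisite patch | Vulnerability patch |
|---|---|---|---|
| 1 | Windows Server 2022 | KB5025230 | KB5040437 |
| 2 | Windows Server 2019 | kb5005112 | KB5040430 |
| 3 | Windows Server 2016 | kb5040562 | KB5040434 |
| 4 | Windows Server 2012 R2 | KB5040569 | KB5040456 |
| 5 | Windows Server 2012 | KB5040570 | KB5040485 |
| 6 | Windows Server 2008 R2 | kb5039339, kb4474419 | KB5040498 |
| 7 | Windows Server 2008 x64 | kb5039341 | KB5040490 |
| 8 | Windows Server 2008 x86 | kb5039341 | KB5040490 |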
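The following PowerShell check is an added example, not part of the original article or any Microsoft tooling: it reports whether the RDL service is present on a server and whether the prerequisite and vulnerability patches listed for its system version are installed. It assumes the RDL service name is `TermServLicensing` and identifies the system from its OS caption; the function name `Test-RdlPatchState` is hypothetical.

```powershell
# Added example. KB numbers are copied from the table in this article.
# Assumptions: RDL service name 'TermServLicensing'; OS identified by caption.
# Caveat: a later cumulative update replaces the listed KB, and Get-HotFix does
# not list every update type, so "not found" means "verify manually".
function Test-RdlPatchState {
    # Row order matters: the "R2" patterns must be tried before the plain ones.
    $table = @(
        @{ Match = '2022';    Pre = @('KB5025230');              Fix = 'KB5040437' },
        @{ Match = '2019';    Pre = @('KB5005112');              Fix = 'KB5040430' },
        @{ Match = '2016';    Pre = @('KB5040562');              Fix = 'KB5040434' },
        @{ Match = '2012 R2'; Pre = @('KB5040569');              Fix = 'KB5040456' },
        @{ Match = '2012';    Pre = @('KB5040570');              Fix = 'KB5040485' },
        @{ Match = '2008 R2'; Pre = @('KB5039339', 'KB4474419'); Fix = 'KB5040498' },
        @{ Match = '2008';    Pre = @('KB5039341');              Fix = 'KB5040490' }
    )

    # Get-WmiObject is used so the check also runs on PowerShell 2.0 hosts.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    Write-Output "OS: $($os.Caption)"

    # The article ties exposure to servers that have the RDL service enabled.
    $rdl = Get-Service -Name 'TermServLicensing' -ErrorAction SilentlyContinue
    if ($rdl) {
        Write-Output "RDL service: present, status $($rdl.Status)"
    } else {
        Write-Output "RDL service: not installed"
    }

    $row = $null
    if ($os.Caption -match 'Server') {
        $row = $table | Where-Object { $os.Caption -match $_.Match } |
            Select-Object -First 1
    }
    if (-not $row) {
        Write-Output "No row in the article's table for this system."
        return
    }

    # Normalise installed hotfix IDs to upper case before comparing.
    $installed = @(Get-HotFix | Where-Object { $_.HotFixID } |
        ForEach-Object { $_.HotFixID.ToUpper() })

    foreach ($kb in ($row.Pre + $row.Fix)) {
        $state = if ($installed -contains $kb) { 'installed' } else { 'not found' }
        Write-Output "$kb : $state"
    }
}

Test-RdlPatchState
```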

Reference Links

[1] Servicing stack updates: https://learn.microsoft.com/zh-cn/windows/deployment/update/servicing-stack-updates#what-is-a-servicing-stack-update
[2] 2019 SHA-2 Code Signing Support requirement for Windows and WSUS: https://support.microsoft.com/zh-cn/topic/针对-windows-和-wsus-的-2019-sha-2-代码签名支持要求-64d1c82d-31ee-c273-3930-69a4cde8e64f
[3] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077?spm=wolai.workspace.0.0.6d004f9e5sU3XA
[4] kb4474419 : https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu
[5] KB5025230: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5025230
[6] KB5040437: https://catalog.update.microsoft.com/Search.aspx?spm=wolai.workspace.0.0.6d004f9e5sU3XA&q=KB5040437
[7] kb5005112: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2021/08/windows10.0-kb5005112-x64_81d09dc6978520e1a6d44b3b15567667f83eba2c.msu
[8] KB5040430: https://catalog.update.microsoft.com/Search.aspx?q=KB5040430
[9] kb5040562: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/07/windows10.0-kb5040562-x64_cef5da8db3d043f85378126b220a5286bcfbf25b.msu
[10] KB5040434: https://catalog.update.microsoft.com/Search.aspx?q=KB5040434
[11] KB5040569: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/07/windows8.1-kb5040569-x64_34fb2b6ce232e9ddaab4dada6f3fbb6a4c642918.msu
[12] KB5040456: https://catalog.update.microsoft.com/Search.aspx?q=KB5040456
[13] KB5040570: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/07/windows8-rt-kb5040570-x64_a35abae859610e4df260d327e666c65ae48d238c.msu
[14] KB5040485: https://catalog.update.microsoft.com/Search.aspx?q=KB5040485
[15] kb5039339: https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/06/windows6.1-kb5039339-x64_f62846508976a6e5325ab1dca0783f9b3a60a564.msu
[16] kb4474419: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu
[17] KB5040498: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040498
[18] kb5039341: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/06/windows6.0-kb5039341-x64_2dfad504a6771157472ed3647d021e7b3211c505.msu
[19] KB5040490: https://catalog.update.microsoft.com/Search.aspx?q=KB5040490
[20] kb5039341: https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/06/windows6.0-kb5039341-x86_7a86cb8540059ece4f1a420d62392446dfc8c80d.msu
[21] KB5040490: https://catalog.update.microsoft.com/Search.aspx?q=KB5040490
