Remote Desktop ClientÔ¶³Ì´úÂëÖ´ÐÐÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-09-11

¡ñÎó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-0787£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-0788£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-1290£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-1291£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5


¡ñÓ°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÆÕ±éÓ°ÏìÒÔÏ°汾µÄWindows£º


Microsoft Windows 10 for 32λ¡¢64λ¼°ARM64λϵͳ

Microsoft Windows 7 for 32λ¡¢64λSP1

Microsoft Windows 8.1 for 32λ¡¢64λ

Microsoft Windows RT 8.1


CVE-2019-1290/1291ÌØÊâÓ°ÏìÒÔÏ°汾µÄWindows Serverϵͳ£º


Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1

Microsoft Windows Server 2008 R2 for x64-based Systems SP1

Microsoft Windows Server 2012

Microsoft Windows Server 2012 R2

Microsoft Windows Server 2016

Microsoft Windows Server 2019

Microsoft Windows Server 1803/1903


¡ñÎó²î¸ÅÊö


Remote Desktop ClientÊÇ΢ÈíRDPЭÒéµÄ¿Í»§¶ËÊðÀíÈí¼þ£¬£¬£¬£¬£¬£¬ÄÚÖÃÔÚ΢ÈíµÄ²Ù×÷ϵͳÖС£¡£¡£¡£Óû§¿ÉÒÔͨ¹ýRemote Desktop Client´ÓÏÕЩÈκεط½ÅþÁ¬µ½Ô¶³ÌPC£¬£¬£¬£¬£¬£¬²¢¿ÉÒÔ»á¼ûËùÓÐÓ¦ÓóÌÐò£¬£¬£¬£¬£¬£¬ÎļþºÍÍøÂç×ÊÔ´¡£¡£¡£¡£


ÔÚ9ÔÂ10ºÅ΢ÈíÐû²¼µÄÔ¶Ȳ¹¶¡ÖУ¬£¬£¬£¬£¬£¬Ðû²¼ÁË4¸öΣº¦Æ·¼¶ÎªCriticalµÄRDP ¿Í»§¶ËÎó²îµÄÇå¾²²¹¶¡¡£¡£¡£¡£Õâ´ÎÐû²¼µÄ¼¸¸öÎó²î²î±ðÓÚ2019Äê5Ô·ݵÄRDPЭÒé×Ô¼ºµÄÎó²îCVE-2019-0708£¬£¬£¬£¬£¬£¬¶øÊÇRDP¿Í»§¶Ë´úÂëµÄÎó²î£¬£¬£¬£¬£¬£¬Ê¹Óù¤¾ßºÍ·½·¨¶¼ÓÐןܴóµÄ²î±ð¡£¡£¡£¡£


Îó²îλÓÚRDP¿Í»§¶Ë´¦Öóͷ£Í¼ÏñÊÓƵÁ÷µÄÀú³ÌÖУ¬£¬£¬£¬£¬£¬Îó²î±¬·¢µÄÔ­ÓÉÓÚ³ÌÐòÔ±ÔÚÅÌËãÒ»¶ÎÊý¾Ý°üµÄ³¤¶Èʱ·¸ÁËÒ»¸ö¹ýʧ×îÖÕµ¼ÖÂÔ½½ç¶ÁдµÄ¿ÉÔ¶³ÌÖ´ÐеÄÎó²î£¬£¬£¬£¬£¬£¬¸ÃÎó²î¿ÉÒÔÔì³É¿Í»§¶Ë±»Ô¶³ÌÖ÷»ú¿ØÖÆ¡£¡£¡£¡£


ҪʹÓôËÎó²î£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÐèÒª¿ØÖÆЧÀÍÆ÷£¬£¬£¬£¬£¬£¬È»ºóʹÓû§ÅþÁ¬µ½¸ÃЧÀÍÆ÷¡£¡£¡£¡£µ«ÓÉÓÚ¹¥»÷ÕßÎÞ·¨Ç¿ÆÈÓû§ÅþÁ¬µ½¶ñÒâЧÀÍÆ÷£¬£¬£¬£¬£¬£¬ÒÔÊÇ¿ÉÄÜÐèҪͨ¹ý¶àÖÖ·½·¨ÓÕÆ­Óû§ÅþÁ¬£¬£¬£¬£¬£¬£¬ÈçʹÓÃÉç»á¹¤³Ìѧ¡¢DNSÖж¾»òʹÓÃÖÐÐÄÈ˹¥»÷£¨MITM£©¡£¡£¡£¡£¹¥»÷Õß»¹¿ÉÒÔÆÆËðÕýµ±Ð§ÀÍÆ÷£¬£¬£¬£¬£¬£¬ÔÚÆäÉÏÍйܶñÒâ´úÂ룬£¬£¬£¬£¬£¬²¢ÆÚ´ýÓû§ÅþÁ¬¡£¡£¡£¡£ÕâÖÖ¹¥»÷·½·¨µÄÓ°ÏìÁ¦Öش󣬣¬£¬£¬£¬£¬ÇÒÒ»µ©±»Ñ¬È¾£¬£¬£¬£¬£¬£¬ºÜÓпÉÄÜÔì³É´ó¹æÄ£µÄÖ÷»úÏÝÂä¡£¡£¡£¡£¸ÃÖÖ¹¥»÷·½·¨¿É±»¹¥»÷ÕßÓÃÀ´¹¹½¨½©Ê¬ÍøÂç¡£¡£¡£¡£


¡ñÎó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£


¡ñÐÞ¸´½¨Òé


΢Èí¹Ù·½½¨ÒéÓû§¾¡¿ì×°ÖòÙ×÷ϵͳ²¹¶¡¡£¡£¡£¡£


ÉèÖáú¸üкÍÇå¾²¡úWindows Update¡ú¼ì²é×°ÖÃÅÌËã»úÉϵĸüС£¡£¡£¡£


»òÕßÏÂÔصصã¼û²Î¿¼Á´½Ó£¬£¬£¬£¬£¬£¬ÇëÏÂÔضÔÓ¦²¹¶¡×°Öðü£¬£¬£¬£¬£¬£¬Ë«»÷ÔËÐм´¿É¾ÙÐÐÐÞ¸´¡£¡£¡£¡£


¡ñ²Î¿¼Á´½Ó


https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0787


https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0788


https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1290


https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1291