相當罕見的,微軟推出了重大修正,用來預防 WannaCry 類型的病毒
支援的系統有:
- Windows XP
- Windows XP 64-Bit Edition
- Windows XP Embedded
- Windows Server 2003
- Windows Server 2003, Datacenter Edition
更新包編號為 KB4500331
官方下載點
官方說明:
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
Security Vulnerability
Published: 05/14/2019
MITRE CVE-2019-0708
MITRE CVE-2019-0708
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
沒有留言:
張貼留言