
    Windows SMB Security Vulnerability Alert

    Source:    2017-10-17

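    On October 10, 2017, Microsoft released its October 2017 security update bulletin, which patches multiple high-risk vulnerabilities. According to the bulletin, the affected systems range from Windows Server 2008 through Windows 10 and include: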
    Windows 10 1703
    Windows 10 1607
    Windows Server 2016
    Windows 10 1511
    Windows 10 RTM
    Windows 8.1
    Windows Server 2012 R2
    Windows Server 2012
    Windows 7
    Windows Server 2008 R2
    Windows Server 2008


    Software update summary:
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/summary

    The release also contains client-side security updates, notably for an Office vulnerability that is already being exploited:
    Internet Explorer
    Microsoft Edge
    Office
    SharePoint


    Exploitability

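    According to the bulletin, CVE-2017-11780, the Windows SMB (SMBv1) remote code execution vulnerability, has a high attack success rate; once exploit code becomes public, malicious attackers may use it to build a self-propagating worm. On a local area network, CVE-2017-11771, the Windows Search remote code execution vulnerability, can also be triggered remotely over an SMB connection, and a successful attack gives control of the target computer. CVE-2017-11779, the Windows DNSAPI remote code execution vulnerability, can likewise be attacked through forged responses from a malicious DNS server set up by an attacker. Exploit samples for CVE-2017-11826, the Microsoft Office memory corruption vulnerability, have already appeared in attack campaigns. We recommend installing the security update patches as soon as possible and applying the corresponding mitigations to keep systems running securely.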

    Affected versions

    CVE-2017-11780, the Windows SMB (SMBv1) remote code execution vulnerability, affects the following system versions:
    Windows 10 for 32-bit Systems
    Windows 10 for x64-based Systems
    Windows 10 Version 1511 for 32-bit Systems
    Windows 10 Version 1511 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1703 for 32-bit Systems
    Windows 10 Version 1703 for x64-based Systems
    Windows 7 for 32-bit Systems Service Pack 1
    Windows 7 for x64-based Systems Service Pack 1
    Windows 8.1 for 32-bit systems
    Windows 8.1 for x64-based systems
    Windows RT 8.1
    Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for Itanium-Based Systems Service Pack 2
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2012
    Windows Server 2012 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 R2 (Server Core installation)
    Windows Server 2016
    Windows Server 2016 (Server Core installation)
    Microsoft update guide:
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780

    CVE-2017-11771, the Windows Search remote code execution vulnerability, affects the following system versions:
    Windows 10 for 32-bit Systems
    Windows 10 for x64-based Systems
    Windows 10 Version 1511 for 32-bit Systems
    Windows 10 Version 1511 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1703 for 32-bit Systems
    Windows 10 Version 1703 for x64-based Systems
    Windows 7 for 32-bit Systems Service Pack 1
    Windows 7 for x64-based Systems Service Pack 1
    Windows 8.1 for 32-bit systems
    Windows 8.1 for x64-based systems
    Windows RT 8.1
    Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for Itanium-Based Systems Service Pack 2
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2012
    Windows Server 2012 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 R2 (Server Core installation)
    Windows Server 2016
    Windows Server 2016 (Server Core installation)
    Microsoft update guide:
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771

    CVE-2017-11779, the Windows DNSAPI remote code execution vulnerability, affects the following system versions:
    Windows 10 for 32-bit Systems
    Windows 10 for x64-based Systems
    Windows 10 Version 1511 for 32-bit Systems
    Windows 10 Version 1511 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1703 for 32-bit Systems
    Windows 10 Version 1703 for x64-based Systems
    Windows 8.1 for 32-bit systems
    Windows 8.1 for x64-based systems
    Windows RT 8.1
    Windows Server 2012
    Windows Server 2012 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 R2 (Server Core installation)
    Windows Server 2016
    Windows Server 2016 (Server Core installation)
    Microsoft update guide:
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779

    CVE-2017-11826, the Microsoft Office memory corruption vulnerability, affects the following Office versions:
    Microsoft Office Compatibility Pack Service Pack 3    
    Microsoft Office Online Server 2016    
    Microsoft Office Web Apps Server 2010 Service Pack 2    
    Microsoft Office Web Apps Server 2013 Service Pack 1    
    Microsoft Office Word Viewer    
    Microsoft SharePoint Enterprise Server 2016    
    Microsoft Word 2007 Service Pack 3    
    Microsoft Word 2010 Service Pack 2 (32-bit editions)    
    Microsoft Word 2010 Service Pack 2 (64-bit editions)    
    Microsoft Word 2013 RT Service Pack 1    
    Microsoft Word 2013 Service Pack 1 (32-bit editions)    
    Microsoft Word 2013 Service Pack 1 (64-bit editions)    
    Microsoft Word 2016 (32-bit edition)    
    Microsoft Word 2016 (64-bit edition)    
    Word Automation Services (Microsoft SharePoint Server 2013 Service Pack 1)
    Word Automation Services (Microsoft SharePoint Server 2010 Service Pack 2)
    Microsoft update guide:
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826


    Mitigations (security emergency recommendations, etc.)

    Urgent: attack code has already appeared. Installing the security update patches as soon as possible is strongly recommended.


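    Priority measure: on personal computers, enable the firewall to block external access to local TCP port 445; on servers, enable a security policy that restricts access to local TCP port 445 to specified IP addresses.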

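    Patch updates: patches can be installed through the system's built-in update feature, or the specific patches can be installed individually. For the matching versions, see the following Microsoft update guides: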
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826
    Find the corresponding system version and click "Security Update" to download the standalone patch.

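    Security configuration: if systems in certain special environments cannot easily be patched, the following security configurations can be used as workarounds.
    For CVE-2017-11780, the Windows SMB (SMBv1) remote code execution vulnerability, see the guide on how to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server: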
    https://support.microsoft.com/zh-cn/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

    For CVE-2017-11771, the Windows Search remote code execution vulnerability, see the method for disabling the WSearch service:
    https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771
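
    The workarounds above (restricting TCP port 445, disabling SMBv1, disabling WSearch) combined into one PowerShell function, as an added example that is not part of the original advisory. The function name, the firewall rule display name and the sample addresses are assumptions; the firewall cmdlets require Windows 8 / Server 2012 or later, and the SMBv1 step falls back to the registry value from the Microsoft guide on older systems.

```powershell
# Added example; run from an elevated PowerShell session.
function Set-SmbExposureMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet('Workstation', 'Server')]
        [string] $Role = 'Workstation',
        [string[]] $AllowedRemoteAddress,   # Server role: sources allowed to reach TCP 445
        [switch] $DisableWindowsSearch      # CVE-2017-11771 workaround
    )

    # 1. Priority measure: limit who can reach local TCP port 445.
    if ($Role -eq 'Workstation') {
        # A block rule overrides any allow rule for the same traffic.
        if ($PSCmdlet.ShouldProcess('Inbound TCP 445', 'Add firewall block rule')) {
            New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' `
                -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
        }
    } else {
        if (-not $AllowedRemoteAddress) { throw 'Server role requires -AllowedRemoteAddress.' }
        # Scope every inbound allow rule that covers TCP 445 to the listed sources.
        Get-NetFirewallPortFilter -Protocol TCP |
            Where-Object { $_.LocalPort -contains '445' } |
            Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
            ForEach-Object {
                if ($PSCmdlet.ShouldProcess($_.DisplayName, 'Restrict remote addresses')) {
                    $_ | Set-NetFirewallRule -RemoteAddress $AllowedRemoteAddress
                }
            }
    }

    # 2. CVE-2017-11780 workaround: turn off the SMBv1 server.
    if ($PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            # Windows 7 / Server 2008 R2: registry value, effective after a restart.
            Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                -Name SMB1 -Type DWord -Value 0 -Force
        }
    }

    # 3. CVE-2017-11771 workaround: stop and disable the Windows Search service.
    if ($DisableWindowsSearch -and $PSCmdlet.ShouldProcess('WSearch', 'Stop and disable')) {
        Stop-Service -Name WSearch -Force
        Set-Service -Name WSearch -StartupType Disabled
    }
}

# Preview the changes for a file server reachable only from two constructed sample hosts.
Set-SmbExposureMitigation -Role Server -AllowedRemoteAddress 192.0.2.10, 192.0.2.11 -WhatIf
```

    These settings reduce exposure on systems that cannot be patched yet; they do not replace installing the security updates.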

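    Security emergency recommendation: Windows SMB vulnerabilities have historically led to severe worm-propagation attacks. We strongly recommend installing the security patches as soon as possible and continuing to follow security threat developments.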
