Recent network monitoring has identified a Microsoft Windows authentication vulnerability (CVE-2019-1040). The flaw lies in the Windows authentication mechanism. An attacker exploiting it can cause several different kinds of harm, the most severe being that an attacker holding nothing more than an ordinary domain account can remotely control any machine in the Windows domain, including the domain controllers.
No exploit program has yet been observed circulating on the Internet, but since some of the vulnerability details have already been made public, the possibility that an attacker writes an exploit from the published details cannot be ruled out.
Affected versions:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012/Windows Server 2012 (Server Core installation)
Windows Server 2012 R2/Windows Server 2012 R2 (Server Core installation)
Windows Server 2016/Windows Server 2016 (Server Core installation)
Windows Server 2019/Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Given the wide scope of this vulnerability and the severity of its potential impact, the following remediation measures are recommended:
1. Apply the Windows operating system patch promptly and reboot the server after installation. The patch is available at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040
2. Enable mandatory SMB signing on all important servers (in a Windows domain environment, only the domain controllers require SMB signing by default).
3. Enable mandatory LDAPS Channel Binding on all domain controllers (this feature is not enabled by default; enabling it may cause compatibility problems).
4. Enable mandatory LDAP Signing on all domain controllers (this feature is not enabled by default; enabling it may cause compatibility problems).
5. Enable Channel Binding in the relevant applications on all important servers (for example, all Exchange servers), such as the Channel Binding feature of IIS.
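The following PowerShell script is an added example, not part of the original advisory: it audits the settings from steps 2 to 4 (SMB server signing, LDAP channel binding, LDAP signing) on the local host by reading the registry values Windows uses for them, and with -Enforce sets any that are not at the required value. It assumes an elevated PowerShell 5.1 or later session; the domain-controller check and the restart warning are the script's own logic.

```powershell
# Added example (not the advisory's own tooling): audit/enforce steps 2-4 on this host.
# Assumes an elevated session. Registry paths and value names are the documented
# Windows settings for SMB server signing, LDAP channel binding and LDAP signing.
[CmdletBinding()]
param([switch]$Enforce)

# One entry per hardening setting: where it lives, the required DWORD, and
# whether it only applies on a domain controller (NTDS settings).
$checks = @(
    @{ Label = 'SMB server signing required (step 2)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name  = 'RequireSecuritySignature'; Required = 1; DcOnly = $false },
    @{ Label = 'LDAP channel binding enforced (step 3)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name  = 'LdapEnforceChannelBinding'; Required = 2; DcOnly = $true },
    @{ Label = 'LDAP server signing required (step 4)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Name  = 'LDAPServerIntegrity'; Required = 2; DcOnly = $true }
)

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server.
$isDc = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 2

foreach ($c in $checks) {
    if ($c.DcOnly -and -not $isDc) { continue }   # NTDS values are meaningless off a DC

    # An absent value means the OS default applies, which for all three is "not required".
    $current = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    $shown   = if ($null -eq $current) { 'unset' } else { $current }
    $ok      = ($current -eq $c.Required)

    '{0,-42} current={1,-6} required={2} {3}' -f $c.Label, $shown, $c.Required, $(if ($ok) { 'OK' } else { 'NOT OK' })

    if (-not $ok -and $Enforce) {
        # Write the required DWORD; -Force creates or overwrites the value.
        New-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Required -PropertyType DWord -Force | Out-Null
        Write-Warning ('Set {0}={1}; restart the relevant service or reboot so the change takes effect.' -f $c.Name, $c.Required)
    }
}
```

Run it without -Enforce first to see which hosts deviate, and test the LDAP settings on a non-production domain controller before rolling them out, since the advisory notes they can break clients that do not sign or bind.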