漏洞名稱RDP Client遠(yuǎn)程代碼執(zhí)行漏洞 漏洞簡述微軟10月8日推出了十月的安全更新�,修復(fù)了Windows操作系統(tǒng)和相關(guān)產(chǎn)品系列中的60個(gè)常見漏洞和披露(CVE)。在這9個(gè)中����,“ 嚴(yán)重 ” 分類為51個(gè)����,“ 重要 ” 分類為51個(gè)。其中包括遠(yuǎn)程桌面客戶端遠(yuǎn)程執(zhí)行代碼漏洞| CVE-2019-1333���。 Windows Remote Desktop客戶端在處理惡意制作的文件時(shí)�����,存在一個(gè)遠(yuǎn)程執(zhí)行代碼漏洞�����,使遠(yuǎn)程攻擊者可以利用此漏洞并在受感染系統(tǒng)的上下文中執(zhí)行任意代碼����。 要利用此漏洞,攻擊者將需要通過社交工程�����,DNS中毒或使用中間人(MITM)技術(shù)來誘使用戶連接到攻擊者控制的服務(wù)器并控制受影響的系統(tǒng)�,并且攻擊者可能入侵合法服務(wù)器,在其上托管惡意代碼��,然后等待用戶連接�。 如果成功利用此漏洞,攻擊者可以安裝程序����,查看,更改�����,刪除數(shù)據(jù)�,還可以創(chuàng)建具有完全用戶權(quán)限的新帳戶。 威脅等級(jí)高危 受影響的系統(tǒng)Microsoft Windows 10 Version 1607 for 32-bit SystemsMicrosoft Windows 10 Version 1607 for x64-based SystemsMicrosoft Windows 10 Version 1709 for ARM64-based SystemsMicrosoft Windows 10 Version 1803 for 32-bit SystemsMicrosoft Windows 10 Version 1803 for ARM64-based SystemsMicrosoft Windows 10 Version 1803 for x64-based SystemsMicrosoft Windows 10 Version 1809 for 32-bit SystemsMicrosoft Windows 10 Version 1809 for ARM64-based SystemsMicrosoft Windows 10 Version 1809 for x64-based SystemsMicrosoft Windows 10 Version 1903 for 32-bit SystemsMicrosoft Windows 10 Version 1903 for ARM64-based SystemsMicrosoft Windows 10 Version 1903 for x64-based SystemsMicrosoft Windows 10 for 32-bit SystemsMicrosoft Windows 10 for x64-based SystemsMicrosoft Windows 10 version 1703 for 32-bit SystemsMicrosoft Windows 10 version 1703 for x64-based SystemsMicrosoft Windows 10 version 1709 for 32-bit SystemsMicrosoft Windows 10 version 1709 for x64-based SystemsMicrosoft Windows 7 for 32-bit Systems SP1Microsoft Windows 7 for x64-based Systems SP1Microsoft Windows 8.1 for 32-bit SystemsMicrosoft Windows 8.1 for x64-based SystemsMicrosoft Windows RT 8.1Microsoft Windows Server 1803Microsoft Windows Server 1903Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1Microsoft Windows Server 2008 R2 for x64-based Systems SP1Microsoft Windows Server 2008 for 32-bit Systems SP2Microsoft Windows Server 2008 for Itanium-based Systems SP2Microsoft Windows Server 2008 for x64-based Systems SP2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows Server 2016Microsoft Windows Server 2019 漏洞利用暫未公開利用和驗(yàn)證 修復(fù)建議微軟官方已給出針對(duì)此漏洞的安全更新補(bǔ)?��。?/p> https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1333 |
