據微軟稱,未受保護的服務器無需用戶互動即可在網絡上傳播病毒與惡意軟件。
微軟警告用戶,應立即更新 Windows 10 操作系統,以免受關鍵漏洞危害。
該公司表示,未受保護的服務器可在網絡上自發傳播病毒和惡意軟件,無需用戶授意。開啟自動更新功能的 Windows 10 設備已受到保護。
受影響 Windows 版本包括 Windows 7 SP1、Windows Server 2008 R2 SP1、Windows Server 2012、Windows 8.1、Windows Server 2012 R2 等。但 Windows XP 反而沒事。
Windows 10 是世界上最流行的桌面操作系統。當前全球約有 8 億臺設備安裝了 Windows 10 操作系統,也就是說,上億設備面臨風險。
據微軟提示,在 2020 年 1 月 14 日後,Microsoft 將不再為運行 Windows 7 的電腦提供安全更新程序或技術支持。那麼也就意味了更多的電腦將面臨安全威脅。
微軟已提供更新包,可以再官方下載更新,防止電腦,服務器遭受安全威脅。
另外還需要安裝安全可靠的殺毒軟件,開啟防火牆,包括硬件防火牆和軟件防火牆,儘快更新殺毒軟件,更新病毒庫,防止未經殺毒的U盤插到設備上,使用安全的VPN等。
受漏洞影響的系統版本完整列表如下:
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows Server, version 1803 (Server Core Installation)
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows Server, version 1903 (Server Core installation)
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
漏洞地址:
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
補丁地址:
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
閱讀更多 劍指工控 的文章