中国·开yun体育(官方)入口-APP下载安装·Maigoo百科

微软Exchange和DHCP服务端组件曝多个高危漏洞

时间:2019-02-26 16:01:11来源:信息安全服务部作者:开yun体育官网入口

本月微软“周二补丁日”,微软修补了IE浏览器、Microsoft Edge、Microsoft Office 和 Microsoft Exchange Server等多款产品中的大量漏洞。其中,微软消息与协作系统Exchange Server的三个高危特权提升漏洞(CVE-2019-0686、CVE-2019-0724和CVE-2018-8581)以及DHCP服务端组件的一个远程执行代码漏洞(CVE-2019-0626)的影响范围最为广泛、危害也最为严重,需要大家特别注意。

漏洞描述

  • CVE-2019-0686、CVE-2019-0724、CVE-2018-8581:Microsoft Exchange Server特权提升漏洞


这组漏洞是存在于Microsoft Exchange Server中的特权提升漏洞,需要开启Exchange Web服务(EWS)和推送通知。想要利用这组漏洞,攻击者需要进行中间人攻击,将身份验证请求转发到Microsoft Exchange Server模拟其他Exchange用户。成功利用,允许攻击者获得Exchange服务器中任何用户权限,进而实施电子邮件窃取之类的恶意活动。为了解决此漏洞,微软将EWS客户端与Exchange Server之间建立的通知消息,使用匿名身份验证机制进行流式处理。

其中,CVE-2018-8581在2018年11月份安全更新中没有给出补丁,只是建议修改NTLM身份验证的注册表值。CVE-2019-0686和CVE-2019-0724则是CVE-2018-8581的两种攻击方法,本次安全更新彻底修补了该漏洞。

  • CVE-2019-0626:Windows DHCP远程执行代码漏洞


这个漏洞实际上是存在于Windows Server DHCP服务中的一个内存损坏漏洞。没有前置利用条件,允许攻击者将特制数据包发送到DHCP服务器。成功利用,允许攻击者在DHCP服务中运行任意代码。

影响范围

  • CVE-2019-0686、CVE-2019-0724和CVE-2018-8581的影响范围如下:


Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26

Microsoft Exchange Server 2013 Cumulative Update 22

Microsoft Exchange Server 2016 Cumulative Update 12

Microsoft Exchange Server 2019 Cumulative Update 1

  • CVE-2019-0626的影响范围如下:


Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows Server, version 1803 (Server Core Installation)

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for 64-based Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows Server, version 1709 (Server Core Installation)

Windows Server, version 1709 (Server Core Installation)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

应对建议

  • 与CVE-2019-0686、CVE-2019-0724相关的系统补丁可以通过下面这两个链接找到:


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724

  • 与CVE-2019-0626相关的系统补丁可以通过下面这个链接找到:


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626

  • 与CVE-2018-8581相关的系统补丁可以通过下面这个链接找到:


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581

XML 地图