超高危微软远程桌面漏洞 CVE-2024-38077
描述
近期,微软披露最新的远程代码执行超高危漏洞“Windows 远程桌面授权服务远程代码执行漏洞”,漏洞编号:CVE-2024-38077, CVSS评分高达9.8 ,可导致开启了远程桌面许可服务的Windwos服务器完全沦陷。漏洞影响Windows Server2000到WindowsServer 2025所有版本,已存在近30年。该漏洞可稳定利用、可远控、可勒索、可蠕虫等,破坏力极大,攻击者无须任何权限即可实现远程代码执行。
漏洞存在于 “Windows 远程桌面授权服务(RDL)”。利用此漏洞,攻击者无需任何前置条件,无需用户交互(零点击)便可直接获取服务器最高权限,执行任意操作。但是 RDL 服务默认情况下不开启,仅在需要 RDP 多会话接入时才需要开启 RDL 服务
概述
| 漏洞名称 | Windows 远程桌面授权服务远程代码执行漏洞(CVE-2024-38077) |
|---|---|
| 影响范围 | 2000 <= Windows Server >= 2025 |
| 漏洞类型 | 远程代码执行 |
| 漏洞级别 | 严重 |
| 发布时间 | 微软于2024年7月9日公开该漏洞 |
| 利用要求 | 1、用户认证:不需要认证 2、前置要求:服务器开启“Windows Remote Desktop Licensing(RDL)” 3、触发方法:远程 4、利用难度:技术实现简单 |
| 解决方案 | 微软官方已经发布漏洞补丁包,请及时更新补丁包。 |
漏洞验证
验证 Remote Desktop Licensing 服务是否启动方法步骤:
1、cmd命令行输入services.msc,打开服务控制台
2、查找是否存在 Remote Desktop Licensing 服务并处于启用状态
3、若无该服务,则说明默认未安装受影响的服务,不受影响,如存在该服务,则需要进一步判断是否安装最新2024年7月补丁。涉及该漏洞的系统如下:
| 系统版本 | Build Number |
|---|---|
| Windows Server 2012 R2 (Server Core installation) | 6.3.9600.22074 |
| Windows Server 2012 R2 | 6.3.9600.22074 |
| Windows Server 2012 (Server Core installation) | 6.2.9200.24975 |
| Windows Server 2012 | 6.2.9200.24975 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 6.1.7601.27219 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 6.1.7601.27219 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 6.1.7601.27219 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 6.1.7601.27219 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 6.0.6003.22769 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 6.0.6003.22769 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 6.0.6003.22769 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 6.0.6003.22769 |
| Windows Server 2016 (Server Core installation) | 10.0.14393.7159 |
| Windows Server 2016 | 10.0.14393.7159 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 10.0.25398.1009 |
| Windows Server 2022 (Server Core installation) | 10.0.20348.2582 |
| Windows Server 2022 | 10.0.20348.2582 |
| Windows Server 2019 (Server Core installation) | 10.0.17763.6054 |
| Windows Server 2019 | 10.0.17763.6054 |
解决方案
官方修复建议
微软官方已经发布关于该漏洞的修复方案,受影响的设备可以通过官方链接进行修复解决。链接如下:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077
组件停用解决
1、cmd命令行输入services.msc,打开服务控制台 2、将 Remote Desktop Licensing 服务停用并设置为禁用
补丁包解决
注意:漏洞修复存在一定的风险性以及不可控因素 ,在漏洞修复过程中可能会存在蓝屏、 死机、操作系统无法正常启动、业务异常等相关问题,使用修复方案前需提前验证可能存在的风险。测试无异常后方可在生产环境下使用下述方法。如无法确认,可以将该组件(RDL)进行停用从而起到规避,参考“组件停用解决”
| 产品 | 下载 | Build Number |
|---|---|---|
| Windows Server 2012 R2 (Server Core installation) | 5040456 | 6.3.9600.22074 |
| Windows Server 2012 R2 | 5040456 | 6.3.9600.22074 |
| Windows Server 2012 (Server Core installation) | 5040485 | 6.2.9200.24975 |
| Windows Server 2012 | 5040485 | 6.2.9200.24975 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040497 | 6.1.7601.27219 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5040498 | 6.1.7601.27219 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040497 | 6.1.7601.27219 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5040498 | 6.1.7601.27219 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040499 | 6.0.6003.22769 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5040490 | 6.0.6003.22769 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040499 | 6.0.6003.22769 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5040490 | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040499 | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5040490 | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040499 | 6.0.6003.22769 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5040490 | 6.0.6003.22769 |
| Windows Server 2016 (Server Core installation) | 5040434 | 10.0.14393.7159 |
| Windows Server 2016 | 5040434 | 10.0.14393.7159 |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5040438 | 10.0.25398.1009 |
| Windows Server 2022 (Server Core installation) | 5040437 | 10.0.20348.2582 |
| Windows Server 2022 | 5040437 | 10.0.20348.2582 |
| Windows Server 2019 (Server Core installation) | 5040430 | 10.0.17763.6054 |
| Windows Server 2019 | 5040430 | 10.0.17763.6054 |
更多信息可以关注公众号~
