2025-01-20 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains the Windows Remote Desktop code execution vulnerability CVE-2019-1181 and how to repair it, as a reference for readers who want to understand the issue.
On August 14, 2019, Microsoft released Windows system patches for CVE-2019-1181 and CVE-2019-1182, which comprehensively fix the remote code execution vulnerabilities in Windows Remote Desktop. According to SINE Security's technical analysis of the patch, these two vulnerabilities allow an attacker to bypass administrator authentication over a remote connection and attack servers and computers, escalate privileges, and upload a webshell. They are on the same level as EternalBlue, which the earlier ransomware used, and the potential harm is considerable. Details of the vulnerability follow:
The vulnerability affects a wide range of systems:
Windows 7 SP1
Windows 2008 R2 SP1
Windows 2012 (all versions)
Windows 8.1
Windows 10
Any of the system versions above may be attacked. Check whether the RDP version is between 8.0 and 8.1; if it is, the system is in most cases vulnerable. Windows Server 2003, Windows XP and Windows 2008 are not affected by this RDP vulnerability.
Overview of the Remote Desktop RDP protocol vulnerabilities:
The RDP protocol vulnerability in the Windows Remote Desktop service can lead to remote code execution. The attacker simulates a connection to the server, bypasses Windows security verification, and sends malicious data packets directly to the server, which receives and executes them. As a result, a webshell (website Trojan) or a DLL backdoor can be uploaded to the server. Attackers can use the RDP vulnerability to install software on the server, delete data, and create administrator accounts, and exploitation requires only establishing an RDP connection.
Repair scheme and patch for CVE-2019-1181 and CVE-2019-1182
Website and server maintainers are advised to turn on Windows automatic updates, check for updates, and let the latest patches download and install automatically. The patches can also be installed manually from Microsoft's official download address: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
You can also enable Network Level Authentication (NLA) for Remote Desktop. In NLA mode, the identity of whoever connects is verified first, so an attacker cannot establish a session without valid credentials. Aliyun server users can add the remote port 3389 to a security group rule and allow only specific IP addresses, which blocks attacks on the vulnerability.
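The following script is an added example, not part of the original article. It audits the local machine for the two mitigations named above: whether NLA is required, and whether the Windows firewall allows the RDP port from any source address. It assumes an elevated PowerShell session; the firewall check needs the NetSecurity cmdlets (Windows 8 / Server 2012 and later) and is skipped where they are missing.

```powershell
# Read-only audit of RDP exposure on the local machine; nothing is changed.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$rdpEnabled = (Get-RegValue $ts 'fDenyTSConnections') -eq 0
# A Group Policy value, when present, overrides the local RDP-Tcp setting.
$nlaPolicy  = Get-RegValue $policy 'UserAuthentication'
$nlaLocal   = Get-RegValue $rdpTcp 'UserAuthentication'
$nla        = if ($null -ne $nlaPolicy) { $nlaPolicy } else { $nlaLocal }
$port       = Get-RegValue $rdpTcp 'PortNumber'   # 3389 unless it was changed

# Enabled inbound allow rules that open the RDP port to any remote address.
# Rules written as port ranges or with LocalPort 'Any' are not matched here.
$openRules = @()
if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
    $openRules = @(Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $af = $_ | Get-NetFirewallAddressFilter
            $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains "$port" -and
            $af.RemoteAddress -contains 'Any'
        } | Select-Object -ExpandProperty DisplayName)
}

[pscustomobject]@{
    RdpEnabled          = $rdpEnabled
    NlaRequired         = ($nla -eq 1)
    NlaSetByPolicy      = ($null -ne $nlaPolicy)
    RdpPort             = $port
    FirewallRulesAnySrc = $openRules -join '; '
}

if ($rdpEnabled -and $nla -ne 1) {
    Write-Warning 'RDP is enabled without NLA. To require NLA, run:'
    Write-Warning "Set-ItemProperty -Path '$rdpTcp' -Name UserAuthentication -Value 1"
}
```

A cloud security group, such as the Aliyun rule mentioned above, sits outside the host and is not visible to this script, so check it separately.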