Security Alert: Vulnerabilities in Microsoft Exchange and DHCP Server Components
Published: 2019-02-22 09:21:39

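Microsoft recently released security updates that fix multiple vulnerabilities in products including Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Exchange Server. According to 360CERT's assessment, CVE-2019-0686 and CVE-2019-0724 (Microsoft Exchange Server elevation of privilege vulnerabilities) and CVE-2019-0626 (Windows DHCP remote code execution vulnerability) from this release have broad impact and serious consequences, and require close attention.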

I. Vulnerability Overview

1. CVE-2019-0686, CVE-2019-0724 and CVE-2018-8581

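This group of vulnerabilities consists of elevation of privilege vulnerabilities in Microsoft Exchange Server. Exploitation requires Exchange Web Services (EWS) and push notifications to be enabled. To exploit the vulnerability, an attacker needs to carry out a man-in-the-middle attack and forward an authentication request to Microsoft Exchange Server, thereby impersonating another Exchange user. Successful exploitation gives the attacker the privileges of any user on the Exchange server, enabling malicious activity such as mail disclosure. To address the vulnerability, Microsoft changed the notification messages established between EWS clients and Exchange Server so that they are streamed using an anonymous authentication mechanism. The November 2018 security update did not provide a patch for CVE-2018-8581 and only recommended modifying a registry value for NTLM authentication. CVE-2019-0686 and CVE-2019-0724 correspond to two attack methods for CVE-2018-8581, and this security update fully fixes the vulnerability.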

2. CVE-2019-0626

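This is a memory corruption vulnerability in the Windows Server DHCP service. It has no preconditions for exploitation: an attacker can send a specially crafted packet to the DHCP server, and successful exploitation allows the attacker to run arbitrary code in the DHCP service.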

II. Impact

1. CVE-2019-0686, CVE-2019-0724 and CVE-2018-8581

Affected versions:

- Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26
- Microsoft Exchange Server 2013 Cumulative Update 22
- Microsoft Exchange Server 2016 Cumulative Update 12
- Microsoft Exchange Server 2019 Cumulative Update 1

2. CVE-2019-0626

Affected versions:

- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-ba
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for x64-ba
- Windows Server, version 1803 (Server Core Installation)
- Windows 10 Version 1803 for ARM64-ba
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for x64-ba
- Windows 10 Version 1809 for ARM64-ba
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-ba
- Windows 10 Version 1709 for ARM64-ba
- Windows Server, version 1709 (Server Core Installation)
- Windows 10 for 32-bit Systems
- Windows 10 for x64-ba
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-ba
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-ba
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-ba
- Windows RT 8.1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-ba
- Windows Server 2008 for x64-ba
- Windows Server 2008 for x64-ba
- Windows Server 2008 R2 for Itanium-ba
- Windows Server 2008 R2 for x64-ba
- Windows Server 2008 R2 for x64-ba
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)

III. Solution:

1. Patches for CVE-2019-0686 and CVE-2019-0724

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686

2. Patch for CVE-2019-0626

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0626