
[Vulnerability Alert] Windows NTLM Tampering Vulnerability (CVE-2019-1040) Advisory

Alert ID: NS-2019-0019

2019-06-12

TAG: Microsoft, Windows, CVE-2019-1040

Severity: High. This vulnerability can bypass the NTLM MIC security mechanism.

Version: 1.0

1 Vulnerability Overview

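On June 12 (Beijing time), Microsoft released a patch for the Windows NTLM tampering vulnerability (CVE-2019-1040). The vulnerability exists in the Windows operating system, and an attacker who exploits it can bypass the NTLM MIC protection mechanism.

NTLM relay is an attack technique used in domain environments, and Windows defends against it with a signing mechanism. To ensure that the NTLM negotiation phase cannot be tampered with by an attacker, Windows added an additional field, the MIC, to the NTLM authentication message. Exploiting this vulnerability renders that field ineffective and so bypasses the MIC protection mechanism.

Reference: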

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040


2 Affected Scope

Affected versions

  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1703 for 32-bit Systems
  • Windows 10 Version 1703 for x64-based Systems
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1803 (Server Core Installation)
  • Windows Server, version 1903 (Server Core installation)

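3 Vulnerability Check

Any system within the affected scope that has not installed the latest patch is affected by this vulnerability. Users can determine whether a system is affected by checking whether the patch is installed, as follows:

1. Press "Win" + "R", type control in the Run dialog that appears, and press Enter to open Control Panel.

2. Click Programs.

3. Click View installed updates.

4. Search for the relevant KB number in the search box at the top right. If no matching installed update is found, the system is at risk. The KB numbers for each operating system version are listed in Appendix A.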
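The same check can be scripted for hosts where clicking through Control Panel is impractical. The following Windows PowerShell is an added example, not part of the NSFOCUS advisory: it maps the local OS version to the KB numbers listed in Appendix A and looks for them with Get-HotFix. The version keys, the function names and the status strings are assumptions made for this example.

```powershell
# Added example, not from the advisory. KB numbers are copied from Appendix A;
# the version keys are an assumption based on standard Windows version/build numbers.
# Written for Windows PowerShell 2.0+ so it also runs on Windows 7 / Server 2008.
$KbByVersion = @{
    '10.0.10240' = @('KB4503291')                # Windows 10 (initial release)
    '10.0.14393' = @('KB4503267')                # Windows 10 1607, Server 2016
    '10.0.15063' = @('KB4503279')                # Windows 10 1703
    '10.0.16299' = @('KB4503284')                # Windows 10 1709
    '10.0.17134' = @('KB4503286')                # Windows 10 1803, Server 1803
    '10.0.17763' = @('KB4503327')                # Windows 10 1809, Server 2019
    '10.0.18362' = @('KB4503293')                # Windows 10 1903, Server 1903
    '6.3'        = @('KB4503290', 'KB4503276')   # Windows 8.1, RT 8.1, Server 2012 R2
    '6.2'        = @('KB4503263', 'KB4503285')   # Server 2012
    '6.1'        = @('KB4503269')                # Windows 7 SP1, Server 2008 R2 SP1
    '6.0'        = @('KB4503287', 'KB4503273')   # Server 2008 SP2
}

function Get-RequiredKb {
    param([Parameter(Mandatory = $true)][string]$OsVersion)
    $v = [version]$OsVersion
    # Windows 10 family is keyed by build number, older systems by major.minor.
    if ($v.Major -ge 10) { $key = '{0}.{1}.{2}' -f $v.Major, $v.Minor, $v.Build }
    else                 { $key = '{0}.{1}' -f $v.Major, $v.Minor }
    return $KbByVersion[$key]
}

function Test-Cve20191040Patch {
    $os        = Get-WmiObject -Class Win32_OperatingSystem
    $required  = Get-RequiredKb -OsVersion $os.Version
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    if (-not $required) {
        # OS version has no row in Appendix A: nothing to compare against.
        $found = @(); $status = 'NotInAppendixA'
    } else {
        $found = @($required | Where-Object { $installed -contains $_ })
        if ($found.Count -gt 0) { $status = 'ListedKbInstalled' } else { $status = 'ListedKbMissing' }
    }
    New-Object PSObject -Property @{
        Computer  = $env:COMPUTERNAME
        OsVersion = $os.Version
        ListedKb  = $required -join ', '
        FoundKb   = $found -join ', '
        Status    = $status
    }
}

Test-Cve20191040Patch | Format-List
```

Later cumulative updates supersede the June 2019 KBs, so on a system patched after that month the listed KB can be absent; treat ListedKbMissing as a prompt to check the most recent installed cumulative update rather than as a final verdict.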

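4 Vulnerability Protection

4.1 Official Patch

Microsoft has released an update patch, and users should apply it promptly. There are three ways to obtain and install the patch: an internal WSUS service, the Microsoft Update service on Microsoft's website, and offline patch installation.

Note: To start a Windows Update check immediately, type wuauclt.exe /detectnow at a command prompt.

Method 1: Internal WSUS service

Applies to: computers joined to an Active Directory domain on an internal network that has a WSUS server, or computers manually configured to use the internal WSUS service.

The system periodically downloads the required security patches automatically and prompts for installation. Follow the prompts to install them and restart the system.

To install the patch as soon as possible, restart the computer once.

Method 2: Microsoft Update service on Microsoft's website

Applies to: all computers that have Internet access but cannot use the internal WSUS service, including computers without the internal WSUS service enabled and computers with it enabled but not connected to the internal network.

For computers without the internal WSUS service enabled, make sure Windows automatic updates are enabled, then follow the prompts to install the patch and restart the computer.

For computers with the internal WSUS service enabled but not connected to the internal network, click Start > All Programs > Windows Update, click "Check online for updates from Windows Update", and follow the prompts.

Method 3: Offline patch installation

Download the corresponding patch package and double-click it to run and apply the fix. For download links, see "Appendix A Official Patch Download Links" in this document.

Appendix A Official Patch Download Links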

| Operating system version | Patch download link | Patch number |
| --- | --- | --- |
| Windows 10 x86 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503291-x86_8d119231762adfe09926346f1f141b22c3954422.msu | KB4503291 |
| Windows 10 x64 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503291-x64_d93add874181eaa61e6ad77ee37922ba61987929.msu | KB4503291 |
| Windows 10 Version 1607 x32 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x86_f19fbfaf4b8abc167327e26c39cd4d3aa2c573ed.msu | KB4503267 |
| Windows 10 Version 1607 x64 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x64_51ff317097c854ffc5d9ee5badab6fcf7462d324.msu | KB4503267 |
| Windows 10 Version 1703 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503279-x86_f97c4659d527c01dac9eee8d33b0c0d17421f244.msu | KB4503279 |
| Windows 10 Version 1703 for 64-bit Systems | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503279-x64_f943add8c72a58a53fd3c4ed8b8cccbc5978258a.msu | KB4503279 |
| Windows 10 Version 1709 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503284-x86_d5ddd7ae23568470f7e0124a3c50c0045ef8c81d.msu | KB4503284 |
| Windows 10 Version 1709 for x64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503284-x64_a2a689c0683e881c70f6ffbe3840b73a651fbd06.msu | KB4503284 |
| Windows 10 Version 1709 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503284-arm64_7f3df7c6e9e7e433b411ed506dfb036342821fc4.msu | KB4503284 |
| Windows 10 Version 1803 for 32-bit Systems | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-x86_49c769a0e8c1721da95cb00805c15a8acb45e7ce.msu | KB4503286 |
| Windows 10 Version 1803 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-arm64_af3c37687fc62855ed93c499c9e50b46a0033a94.msu | KB4503286 |
| Windows 10 Version 1803 for x64-based Systems | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-x64_9799650b3b8f356486a748619070306997833d17.msu | KB4503286 |
| Windows 10 Version 1809 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x86_e7b4e93a5bb54eef9cb80de5cb9a1087a9753cd0.msu | KB4503327 |
| Windows 10 Version 1809 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-arm64_9cc6e7b5060de49b29b388f2c8d81e529bc06565.msu | KB4503327 |
| Windows 10 Version 1809 for x64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x64_7bd62b3999caa3fd8d57338212e7c9676687ac68.msu | KB4503327 |
| Windows 10 Version 1903 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-x86_c4e69a424156fbaafe872103cf94cb79d067d8c8.msu | KB4503293 |
| Windows 10 Version 1903 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-arm64_ffd3fb7c0d325004829b63349f4471962479e198.msu | KB4503293 |
| Windows 10 Version 1903 for x64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-x64_df9098dcf9761b5652aab2666438fb128c16ffe0.msu | KB4503293 |
| Windows 7 for 32-bit Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x86_525652cb7e59c7ec922ff4e7efc60426d10cbe14.msu | KB4503269 |
| Windows 7 for x64-based Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x64_d518b12868bb1202a03fbc33c2d716092ae9c2e2.msu | KB4503269 |
| Windows 8.1 for 32-bit systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows8.1-kb4503276-x86_6255fed2ad9cefb3fa8c44ff3422dae1531bf7c1.msu | KB4503290, KB4503276 (Monthly Rollup) |
| Windows 8.1 for x64-based systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows8.1-kb4503276-x64_668a79da48ee0d02a5caa94c686ab7dd1270f771.msu | KB4503290, KB4503276 (Monthly Rollup) |
| Windows RT 8.1 | Microsoft did not provide a download link | KB4503276 (Monthly Rollup) |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x86_9340ad1c3d474c273eb34ae17cbb288f0b36559e.msu | KB4503287, KB4503273 (Monthly Rollup) |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x86_9340ad1c3d474c273eb34ae17cbb288f0b36559e.msu | KB4503287, KB4503273 (Monthly Rollup) |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-ia64_474810fbe10cdf61d1c4bbfa6ddc3cd99fa9b0cd.msu | KB4503287, KB4503273 (Monthly Rollup) |
| Windows Server 2008 for x64-based Systems Service Pack 2 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x64_3938da9a2635d2a6f7447e81121a0c91a43c3dd3.msu | KB4503287, KB4503273 (Monthly Rollup) |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x64_3938da9a2635d2a6f7447e81121a0c91a43c3dd3.msu | KB4503287, KB4503273 (Monthly Rollup) |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-ia64_b6b6cd0e80cffa2528503c22a8b02e0c0cc381d2.msu | KB4503269 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x64_d518b12868bb1202a03fbc33c2d716092ae9c2e2.msu | KB4503269 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x64_d518b12868bb1202a03fbc33c2d716092ae9c2e2.msu | KB4503269 |
| Windows Server 2012 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8-rt-kb4503263-x64_a91a258e1ebaf70e2974b8009a9c2382fcad1241.msu | KB4503263, KB4503285 (Monthly Rollup) |
| Windows Server 2012 (Server Core installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8-rt-kb4503263-x64_a91a258e1ebaf70e2974b8009a9c2382fcad1241.msu | KB4503263, KB4503285 (Monthly Rollup) |
| Windows Server 2012 R2 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8.1-kb4503290-x64_b89d6a7b0c552bba293c60a41838d5c517e73c30.msu | KB4503290, KB4503276 (Monthly Rollup) |
| Windows Server 2012 R2 (Server Core installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8.1-kb4503290-x64_b89d6a7b0c552bba293c60a41838d5c517e73c30.msu | KB4503290, KB4503276 (Monthly Rollup) |
| Windows Server 2016 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x64_51ff317097c854ffc5d9ee5badab6fcf7462d324.msu | KB4503267 |
| Windows Server 2016 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x64_51ff317097c854ffc5d9ee5badab6fcf7462d324.msu | KB4503267 |
| Windows Server 2019 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x64_7bd62b3999caa3fd8d57338212e7c9676687ac68.msu | KB4503327 |
| Windows Server 2019 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x64_7bd62b3999caa3fd8d57338212e7c9676687ac68.msu | KB4503327 |
| Windows Server, version 1803 (Server Core Installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-x64_9799650b3b8f356486a748619070306997833d17.msu | KB4503286 |
| Windows Server, version 1903 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-x64_df9098dcf9761b5652aab2666438fb128c16ffe0.msu | KB4503293 |

END

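Author: NSFOCUS Security Services Department

Statement

This security advisory is intended only to describe security issues that may exist; NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences or losses resulting from the dissemination or use of the information in this advisory are the sole responsibility of the user; NSFOCUS and the authors of the advisory accept no liability for them.

NSFOCUS reserves the right to modify and interpret this security advisory. Anyone reprinting or distributing this advisory must preserve its integrity, including the copyright statement and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, added to, or reduced, and it may not be used for commercial purposes in any way.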

This article is shared from the WeChat official account NSFOCUS Security Alerts (nsfocus_secwarning); author: NSFOCUS Security Services Department.


Originally published: 2019-06-12
