【漏洞预警】Windows NTLM篡改漏洞(CVE-2019-1040)预警通告
【漏洞预警】Windows NTLM篡改漏洞(CVE-2019-1040)预警通告
预警编号:NS-2019-0019
2019-06-12
TAG: | 微软、Windows、CVE-2019-1040 |
|---|---|
危害等级: | 高,此漏洞可绕过NTLM MIC安全机制。 |
版本: | 1.0 |
1
漏洞概述
北京时间6月12日,微软官方发布了Windows NTLM篡改漏洞(CVE-2019-1040)的修复补丁,该漏洞存在于Windows操作系统中,攻击者利用此漏洞可绕过NTLM MIC的防护机制。
NTLM relay是域环境下的一种攻击手段,针对这种攻击技术Windows采用签名机制进行防护。为了确保 NTLM 协商阶段不会被攻击者篡改, Windows在NTLM身份验证消息中添加了一个附加字段,即MIC,但是利用此漏洞可导致该字段无效,从而绕过MIC防护机制。
参考链接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040
SEE MORE →
2影响范围
受影响版本
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit systems
- Windows 8.1 for x64-based systems
- Windows RT 8.1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for Itanium-Based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server, version 1803 (Server Core Installation)
- Windows Server, version 1903 (Server Core installation)
3漏洞排查
在影响范围内,且未安装最新补丁的系统均受此漏洞影响。用户可通过查询当前系统是否已经安装补丁,判断当前系统是否受该漏洞影响,具体操作步骤如下:
1. 按下快捷键“Win”+“r”,在弹出的运行窗口中输入control后回车进入控制面板。
2. 点击程序。
3. 点击查看已安装的更新
4. 在右上角搜索框搜索相应的KB编号,如果没有搜索到相关的安装程序说明,则当前系统存在安全风险,不同操作系统版本对应的KB编号可查询附录A。
4漏洞防护
4.1 官方补丁
微软官方已经发布更新补丁,请用户及时进行补丁更新。获得并安装补丁的方式有三种:内网WSUS服务、微软官网Microsoft Update服务、离线安装补丁。
注:如果需要立即启动Windows Update更新,可以在命令提示符下键入wuauclt.exe /detectnow。
方式一:内网WSUS服务
适用对象:已加入搭建有WSUS服务器内网活动目录域的计算机,或手工设置了访问内网WSUS服务。
系统会定时自动下载所需的安全补丁并提示安装,请按提示进行安装和重启系统。
如果希望尽快安装补丁,请重新启动一次计算机即可。
方式二:微软官网Microsoft Update服务
适用对象:所有可以联网,不能使用内网WSUS服务的计算机,包括未启用内网WSUS服务的计算机、启用了内网WSUS服务但未与内网连接的计算机。
未启用内网WSUS服务的计算机,请确保Windows自动更新启用,按照提示安装补丁并重启计算机。
启用内网WSUS服务的计算机但没有与内网连接的计算机,请点击开始菜单-所有程序-Windows Update,点击“在线检查来自Windows Update的更新”,按提示进行操作。
方式三:离线安装补丁
下载对应的补丁安装包,双击运行即可进行修复,下载链接可参考本文“附录A 官方补丁下载链接”。
附录A官方补丁下载链接
操作系统版本 | 补丁下载链接 | 补丁编号 |
|---|---|---|
Windows 10 x86 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503291-x86_8d119231762adfe09926346f1f141b22c3954422.msu | KB4503291 |
Windows 10 x64 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503291-x64_d93add874181eaa61e6ad77ee37922ba61987929.msu | KB4503291 |
Windows 10 Version 1607 x32 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x86_f19fbfaf4b8abc167327e26c39cd4d3aa2c573ed.msu | KB4503267 |
Windows 10 Version 1607 x64 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x64_51ff317097c854ffc5d9ee5badab6fcf7462d324.msu | KB4503267 |
Windows 10 Version 1703 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503279-x86_f97c4659d527c01dac9eee8d33b0c0d17421f244.msu | KB4503279 |
Windows 10 Version 1703 for 64-bit Systems | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503279-x64_f943add8c72a58a53fd3c4ed8b8cccbc5978258a.msu | KB4503279 |
Windows 10 Version 1709 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503284-x86_d5ddd7ae23568470f7e0124a3c50c0045ef8c81d.msu | KB4503284 |
Windows 10 Version 1709 for 64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503284-x64_a2a689c0683e881c70f6ffbe3840b73a651fbd06.msu | KB4503284 |
Windows 10 Version 1709 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503284-arm64_7f3df7c6e9e7e433b411ed506dfb036342821fc4.msu | KB4503284 |
Windows 10 Version 1803 for 32-bit Systems | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-x86_49c769a0e8c1721da95cb00805c15a8acb45e7ce.msu | KB4503286 |
Windows 10 Version 1803 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-arm64_af3c37687fc62855ed93c499c9e50b46a0033a94.msu | KB4503286 |
Windows 10 Version 1803 for x64-based Systems | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-x64_9799650b3b8f356486a748619070306997833d17.msu | KB4503286 |
Windows 10 Version 1809 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x86_e7b4e93a5bb54eef9cb80de5cb9a1087a9753cd0.msu | KB4503327 |
Windows 10 Version 1809 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-arm64_9cc6e7b5060de49b29b388f2c8d81e529bc06565.msu | KB4503327 |
Windows 10 Version 1809 for x64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x64_7bd62b3999caa3fd8d57338212e7c9676687ac68.msu | KB4503327 |
Windows 10 Version 1903 for 32-bit Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-x86_c4e69a424156fbaafe872103cf94cb79d067d8c8.msu | KB4503293 |
Windows 10 Version 1903 for ARM64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-arm64_ffd3fb7c0d325004829b63349f4471962479e198.msu | KB4503293 |
Windows 10 Version 1903 for x64-based Systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-x64_df9098dcf9761b5652aab2666438fb128c16ffe0.msu | KB4503293 |
Windows 7 for 32-bit Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x86_525652cb7e59c7ec922ff4e7efc60426d10cbe14.msu | KB4503269 |
Windows 7 for x64-based Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x64_d518b12868bb1202a03fbc33c2d716092ae9c2e2.msu | KB4503269 |
Windows 8.1 for 32-bit systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows8.1-kb4503276-x86_6255fed2ad9cefb3fa8c44ff3422dae1531bf7c1.msu | KB4503290KB4503276(月度更新汇总) |
Windows 8.1 for x64-based systems | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows8.1-kb4503276-x64_668a79da48ee0d02a5caa94c686ab7dd1270f771.msu | KB4503290KB4503276(月度更新汇总) |
Windows RT 8.1 | 微软未提供下载链接 | KB4503276(月度更新汇总) |
Windows Server 2008 for 32-bit Systems Service Pack 2 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x86_9340ad1c3d474c273eb34ae17cbb288f0b36559e.msu | KB4503287KB 4503273(月度更新汇总) |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x86_9340ad1c3d474c273eb34ae17cbb288f0b36559e.msu | KB4503287KB 4503273(月度更新汇总) |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-ia64_474810fbe10cdf61d1c4bbfa6ddc3cd99fa9b0cd.msu | KB4503287KB 4503273(月度更新汇总) |
Windows Server 2008 for x64-based Systems Service Pack 2 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x64_3938da9a2635d2a6f7447e81121a0c91a43c3dd3.msu | KB4503287KB 4503273(月度更新汇总) |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows6.0-kb4503287-x64_3938da9a2635d2a6f7447e81121a0c91a43c3dd3.msu | KB4503287KB 4503273(月度更新汇总) |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-ia64_b6b6cd0e80cffa2528503c22a8b02e0c0cc381d2.msu | KB4503269 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x64_d518b12868bb1202a03fbc33c2d716092ae9c2e2.msu | KB4503269 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows6.1-kb4503269-x64_d518b12868bb1202a03fbc33c2d716092ae9c2e2.msu | KB4503269 |
Windows Server 2012 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8-rt-kb4503263-x64_a91a258e1ebaf70e2974b8009a9c2382fcad1241.msu | KB4503263KB4503285(月度更新汇总) |
Windows Server 2012 (Server Core installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8-rt-kb4503263-x64_a91a258e1ebaf70e2974b8009a9c2382fcad1241.msu | KB4503263KB4503285(月度更新汇总) |
Windows Server 2012 R2 | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8.1-kb4503290-x64_b89d6a7b0c552bba293c60a41838d5c517e73c30.msu | KB4503290 KB4503276(月度更新汇总) |
Windows Server 2012 R2 (Server Core installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows8.1-kb4503290-x64_b89d6a7b0c552bba293c60a41838d5c517e73c30.msu | KB4503290KB4503276(月度更新汇总) |
Windows Server 2016 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x64_51ff317097c854ffc5d9ee5badab6fcf7462d324.msu | KB4503267 |
Windows Server 2016 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503267-x64_51ff317097c854ffc5d9ee5badab6fcf7462d324.msu | KB4503267 |
Windows Server 2019 | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x64_7bd62b3999caa3fd8d57338212e7c9676687ac68.msu | KB4503327 |
Windows Server 2019 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503327-x64_7bd62b3999caa3fd8d57338212e7c9676687ac68.msu | KB4503327 |
Windows Server, version 1803 (Server Core Installation) | http://download.windowsupdate.com/d/msdownload/update/software/secu/2019/06/windows10.0-kb4503286-x64_9799650b3b8f356486a748619070306997833d17.msu | KB4503286 |
Windows Server, version 1903 (Server Core installation) | http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/06/windows10.0-kb4503293-x64_df9098dcf9761b5652aab2666438fb128c16ffe0.msu | KB4503293 |
END
作者:绿盟科技安全服务部
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。