
Risk Advisory: "Wormable" Exploitable Vulnerability in the Microsoft SMBv3 Service

March 11, 2020 Author: HanSight (瀚思科技)

Vulnerability Overview

On March 11, Microsoft disclosed a "wormable" pre-authentication remote code execution vulnerability found in Server Message Block 3.0 (SMBv3), which has been assigned CVE-2020-0796. The vulnerability is caused by an error in how the SMBv3 protocol handles malicious compressed data packets, and it allows a remote, unauthenticated attacker to execute arbitrary code on the target system.

SMB is the service protocol that the WannaCry family of ransomware used for worm propagation in 2017. It is commonly used for sharing files, printers, serial ports and similar communication between computers, and it is enabled by default in some operating system versions.

At present, Microsoft has not released a patch specific to this vulnerability and has provided only temporary mitigations.

Risk Level

No PoC or exploitation method has been published on the Internet so far; HanSight will continue to monitor the situation closely.

Affected Versions

Recommended Actions

  1. Following Microsoft's recommendation, disable the SMBv3 compression service module (Disable SMBv3 compression):

In a PowerShell prompt running as administrator, execute the following command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Microsoft states that the above change takes effect immediately, with no system restart required.

  2. If you have confirmed that no file-sharing services are in use, you can block communication on TCP 445 and related ports directly as a protective measure (take care to cover both internal and external traffic flows): http://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections

  3. On the HanSight security platform, keep a close watch on alert events for high-volume scanning of port 445. No dedicated rules need to be configured for now.
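
The registry mitigation and the TCP 445 exposure discussed above can be checked per host before and after the change. The following PowerShell is an added example, not code from the original advisory or from Microsoft; the function name `Test-SmbCompressionMitigation` and its output fields are assumptions made for illustration.

```powershell
# Added example: audit (and optionally apply) the DisableCompression mitigation.
# Run from an elevated PowerShell prompt. The function name and the output
# fields are illustrative; the registry path and value come from the advisory.
function Test-SmbCompressionMitigation {
    [CmdletBinding()]
    param(
        [switch]$Apply   # without -Apply the function only reports
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $name = 'DisableCompression'

    # Read the current value; a missing value means the mitigation is not set.
    $current   = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    $mitigated = ($current -eq 1)

    if (-not $mitigated -and $Apply) {
        Set-ItemProperty -Path $path -Name $name -Type DWord -Value 1 -Force
        # Re-read the value instead of trusting that the write succeeded.
        $current   = (Get-ItemProperty -Path $path -Name $name).$name
        $mitigated = ($current -eq 1)
    }

    # Is anything on this host listening on TCP 445 (the SMB server port)?
    $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        DisableCompression = if ($null -eq $current) { 'not set' } else { $current }
        Mitigated          = $mitigated
        ListeningOn445     = $listening
        # A host that serves SMB without the mitigation is the priority case.
        NeedsAttention     = ($listening -and -not $mitigated)
    }
}

# Report only:
Test-SmbCompressionMitigation
# Report, and set the value where it is missing:
# Test-SmbCompressionMitigation -Apply
```

DisableCompression governs the SMB server side only; Microsoft's advisory notes that it does not protect SMB clients.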

Reference Links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005