Beware of the next "WannaCry": Antiy urgently releases an immunization tool for the CVE-2017-11780 vulnerability

2017-10-12, 390701 views, 7 comments, category: Vulnerability News

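Recently, the China National Vulnerability Database (CNVD) recorded a remote code execution vulnerability in the Microsoft Windows SMB Server (CNVD-2017-29681, corresponding to CVE-2017-11780). A remote attacker who successfully exploits the vulnerability can execute arbitrary code on the target system; a failed exploitation attempt results in denial of service. CNVD rates the overall severity of the vulnerability as "high". Based on assessments from across the industry, the vulnerability affects a wide span of versions; once its details are disclosed, it will pose an extremely broad attack threat and may trigger APT attacks.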

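Antiy reminds users to watch for a copycat of the "WannaCry" worm and recommends promptly checking for and remediating the vulnerability using the "Affected system versions" and "Microsoft official patch numbers" in this article. Antiy has urgently released an immunization tool for this vulnerability (download link: http://www.antiy.com/tools.html ). In addition, products such as the Antiy Zhijia (智甲) endpoint defense system and the Tanhai (探海) threat detection system have detection and defense policies for vulnerabilities with similar mechanisms.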

1. Affected system versions


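2. Protection solutions

2.1 Install the official Microsoft patch

Users can check whether the official patch is already installed by looking up the patch number for their system.

On Windows 7: Start → Control Panel → Windows Update → View update history.

On Windows 10: Windows Settings → Update & Security → Update history (see the figure below).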


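The official Microsoft patch numbers and reference links for each system version are listed in the table below (a "security update" is the standalone patch for this vulnerability; a "monthly rollup" is a patch collection that includes the patch for this vulnerability):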
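The update-history check in this section can also be scripted. The following is an added example, not part of the original article or of Antiy's tool: it compares the installed hotfixes against the KB numbers listed in the comment section of this page, using the built-in `Get-HotFix` cmdlet (available in the Windows PowerShell shipped with Windows 7 and later). The labels are taken from that list; the variable names are this example's own.

```powershell
# Added example: report which of the KBs named on this page are installed.
# KB numbers and labels are copied from the list in this page's comments.
$pageKbs = @{
    'KB4042895' = 'Windows 10 (security update)'
    'KB4041689' = 'Windows 10 Version 1511 (security update)'
    'KB4041691' = 'Windows 10 Version 1607 / Server 2016 (security update)'
    'KB4041676' = 'Windows 10 Version 1703 (security update)'
    'KB4041681' = 'Windows 7 SP1 / Server 2008 R2 SP1 (monthly rollup)'
    'KB4041678' = 'Windows 7 SP1 / Server 2008 R2 SP1 (security update)'
    'KB4041693' = 'Windows 8.1 / RT 8.1 / Server 2012 R2 (monthly rollup)'
    'KB4041687' = 'Windows 8.1 / Server 2012 R2 (security update)'
    'KB4041995' = 'Windows Server 2008 SP2 (security update)'
    'KB4041690' = 'Windows Server 2012 (monthly rollup)'
    'KB4041679' = 'Windows Server 2012 (security update)'
}

# Shown only so the operator can match the host to a row of the table.
$osVersion = [System.Environment]::OSVersion.Version
Write-Output "Host OS version: $osVersion"

# Get-HotFix lists installed updates; keep only the ones named on this page.
$installed = @(Get-HotFix | Where-Object { $pageKbs.ContainsKey($_.HotFixID) })

if ($installed.Count -gt 0) {
    foreach ($hotfix in $installed) {
        $label = $pageKbs[$hotfix.HotFixID]
        Write-Output ("FOUND  {0}  {1}  installed {2}" -f $hotfix.HotFixID, $label, $hotfix.InstalledOn)
    }
} else {
    # Caveat: a later cumulative update replaces these and would not match
    # this list, so confirm against the update history before concluding
    # that the host is unpatched.
    Write-Warning "None of the KBs listed on this page were found."
}
```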


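2.2 Temporary protection steps

2.2.1 If the patch cannot be installed promptly, the detailed protection steps are as follows:

Disconnect from the network and turn on the system firewall;

Use the system firewall's advanced settings to block connections to port 445 (this affects services that use port 445) and network sharing;

Reconnect to the network, turn on automatic system updates, then check for updates and install them.

2.2.2 Example procedure on Windows 7:

1) Disconnect from the network.

2) Open "Control Panel → System and Security → Windows Firewall" and click "Turn Windows Firewall on or off" on the left.

3) Select "Turn on Windows Firewall" and click OK.

4) Click "Advanced settings".

5) Click "Inbound Rules → New Rule"; port 445 is used as the example.

6) Select "Port" and click Next.

7) Select "Specific local ports", enter 445, and click Next.

8) Select "Block the connection" and click Next.

9) Select all options under "Profile" and click Next.

10) Enter any text as the name and click Finish.

11) Restore the network connection.

12) Turn on automatic system updates, then check for updates and install them.

13) On Windows 7, the Server service must be turned off before connections to port 445 can be disabled.

Turn off the operating system's Server service: click "Start → Run", enter services.msc, and open the Services management console.

Double-click Server, stop it first, and then set it to Disabled.

Finally, restart Windows 7. Use netstat -an to confirm that port 445 is no longer present.

Note: after the system update is complete, if the business needs the SMB service, simply delete the firewall inbound rule set above.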
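The same procedure as commands, for hosts where clicking through the dialogs is impractical. This is an added example, not part of the original article or of Antiy's tool; it uses `netsh advfirewall` (present on Windows 7) and the standard service cmdlets, and the rule name `Block-Inbound-TCP-445` is an arbitrary label chosen for this example. Disconnecting and reconnecting the network (steps 1 and 11) and enabling automatic updates (step 12) remain manual.

```powershell
# Added example: steps 2-10 and 13 of the procedure above as commands.
# Run from an elevated Windows PowerShell prompt.
$ruleName = 'Block-Inbound-TCP-445'   # arbitrary label (step 10)

# Steps 2-3: turn Windows Firewall on for every profile.
netsh advfirewall set allprofiles state on

# Steps 5-9: inbound rule, TCP local port 445, block, all profiles.
netsh advfirewall firewall add rule name=$ruleName dir=in action=block protocol=TCP localport=445 profile=any

# Step 13: stop the Server service (service name LanmanServer), then disable it.
# -Force also stops services that depend on it.
Stop-Service -Name LanmanServer -Force
Set-Service -Name LanmanServer -StartupType Disabled

# Verification: the rule exists, and the service is stopped and disabled.
netsh advfirewall firewall show rule name=$ruleName
Get-WmiObject Win32_Service -Filter "Name='LanmanServer'" |
    Select-Object Name, State, StartMode

# After the reboot the article calls for, port 445 should no longer be listed.
$listening = netstat -an | Select-String -Pattern ':445\s.*LISTENING'
if ($listening) {
    Write-Warning 'TCP 445 is still listening; reboot and check again.'
    $listening
} else {
    Write-Output 'TCP 445 is not listening.'
}

# Rollback once the patch is installed and SMB is needed again:
#   netsh advfirewall firewall delete rule name=Block-Inbound-TCP-445
#   Set-Service -Name LanmanServer -StartupType Automatic
#   Start-Service -Name LanmanServer
```

The firewall rule only filters inbound connections; the port disappears from `netstat -an` only once the Server service is disabled and the host has been restarted, which is why the check is repeated after the reboot.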


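2.3 Download the Antiy CVE-2017-11780 vulnerability immunization tool

The immunization tool Antiy released for this vulnerability can disable system services and set IPsec local group policy, among other functions, providing a temporary mitigation that blocks SMB connections so that the vulnerability (CVE-2017-11780/CNVD-2017-29681) cannot be triggered.

Note: give priority to installing the patch promptly and installing protection software to keep the system secure! Once the patch is installed, immunization is no longer needed.

Response timeline:

12:00 on October 12, 2017: Antiy first published the "Antiy Response Manual for the Microsoft SMB Vulnerability (CVE-2017-11780)" and released version 1.0.0.0 of the Antiy CVE-2017-11780 vulnerability immunization tool.

*Author: antiylab. Please credit FreeBuf.COM when reposting.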


7 comments

  • Evistix  (Level 2) Bio: ♂ indescribable  2017-10-12 Reply #2
    • antiylab  (Level 2) Official Antiy network security account  2017-10-13 Reply

      @ plane636  Hello, here are the update links
      Microsoft system version, patch number (KB***) and link
      Windows 10 for 32-bit Systems https://www.catalog.update.microsoft.com/Search.aspx?q=KB4042895 (security update)

      Windows 10 for x64-based Systems
      Windows 10 Version 1511 for 32-bit Systems https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041689 (security update)
      Windows 10 Version 1511 for x64-based Systems
      Windows 10 Version 1607 for 32-bit Systems https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041691 (security update)
      Windows 10 Version 1607 for x64-based Systems
      Windows 10 Version 1703 for 32-bit Systems https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041676 (security update)
      Windows 10 Version 1703 for x64-based Systems
      Windows 7 for 32-bit Systems Service Pack 1 https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041681 (monthly rollup)
      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041678 (security update)
      Windows 7 for x64-based Systems Service Pack 1
      Windows 8.1 for 32-bit systems https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041693 (monthly rollup)
      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041687 (security update)
      Windows 8.1 for x64-based systems
      Windows RT 8.1 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041693 (monthly rollup)

      Windows Server 2008 for 32-bit Systems Service Pack 2 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041995 (security update)

      Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
      Windows Server 2008 for Itanium-Based Systems Service Pack 2
      Windows Server 2008 for x64-based Systems Service Pack 2
      Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
      Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041681 (monthly rollup)
      https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041678 (security update)

      Windows Server 2008 R2 for x64-based Systems Service Pack 1
      Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
      Windows Server 2012 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041690 (monthly rollup)
      https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041679 (security update)

      Windows Server 2012 (Server Core installation)
      Windows Server 2012 R2 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041693 (monthly rollup)
      https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041687 (security update)

      Windows Server 2012 R2 (Server Core installation)
      Windows Server 2016 https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041691 (security update)

      Windows Server 2016 (Server Core installation)

  • fcoding  (Level 1)  2017-10-13 Reply #6

    Microsoft system version
    Patch number (KB***) and link
    Windows 10 for 32-bit Systems
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4042895 (security update)
    Windows 10 for x64-based Systems
    Windows 10 Version 1511 for 32-bit Systems
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041689 (security update)
    Windows 10 Version 1511 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041691 (security update)
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1703 for 32-bit Systems
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041676 (security update)
    Windows 10 Version 1703 for x64-based Systems
    Windows 7 for 32-bit Systems Service Pack 1
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041681 (monthly rollup)
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041678 (security update)
    Windows 7 for x64-based Systems Service Pack 1
    Windows 8.1 for 32-bit systems
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041693 (monthly rollup)
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4041687 (security update)
    Windows 8.1 for x64-based systems
    Windows RT 8.1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041693 (monthly rollup)
    Windows Server 2008 for 32-bit Systems Service Pack 2
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041995 (security update)
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for Itanium-Based Systems Service Pack 2
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041681 (monthly rollup)
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041678 (security update)
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows Server 2012
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041690 (monthly rollup)
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041679 (security update)
    Windows Server 2012 (Server Core installation)
    Windows Server 2012 R2
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041693 (monthly rollup)
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041687 (security update)
    Windows Server 2012 R2 (Server Core installation)
    Windows Server 2016
    https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4041691 (security update)
    Windows Server 2016 (Server Core installation)
