近期发现,微软公司披露的最新的远程代码执行超高危漏洞CVE-2024-38077,CVSS评分高达9.8,可导致开启了远程桌面许可服务的Windows服务器完全沦陷。漏洞影响WindowsServer2000到WindowsServer2025所有版本,已存在近30年。该漏洞可稳定利用、可远控、可勒索、可蠕虫等,破坏力极大。漏洞存在于Windows远程桌面许可管理服务(RDL)中,该服务被广泛部署于开启Windows远程桌面(3389端口)的服务器中,用于管理远程桌面连接许可。攻击者无需任何前置条件,无需用户交互(零点击)便可直接获取服务器最高权限,执行任意操作。
一、漏洞详情
Windows远程桌面许可服务远程代码执行漏洞CVE-2024-38077,漏洞威胁等级:高危。未经认证的攻击者可利用该漏洞远程执行代码,获取服务器控制权限。
建议受影响用户做好资产自查以及预防工作,以免遭受黑客攻击。
二、影响范围
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2025 Preview
三、修复建议
对于暂无法安装更新补丁的情况,微软公司建议在确认RDL服务非必要的前提下,采取关闭RDL服务等临时防范措施。
