Remote code execution vulnerability in the RDP service

Written on: May 16, 2019
A vulnerability has been identified in the Remote Desktop (Terminal Services) service that allows an attacker to execute malicious or arbitrary code.

CVSS severity level: HIGH

The vulnerability affects operating systems that are no longer supported by the vendor, Microsoft. Through the Remote Desktop service, an attacker can install programs; view, change, or delete information; and create accounts with administrator permissions.

Affected services and products

• Windows 7 for 32-bit Systems Service Pack 1
• Windows 7 for x64-based Systems Service Pack 1
• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for Itanium-Based Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

To remediate this vulnerability, install the vendor's patches listed in the following table:

| Product | Patches |
|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 4499164, 4499175 |
| Windows 7 for x64-based Systems Service Pack 1 | 4499164, 4499175 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 4499149, 4499180 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4499149, 4499180 |
| Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4499149, 4499180 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 4499149, 4499180 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4499149, 4499180 |
| Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4499164, 4499175 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4499164, 4499175 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4499164, 4499175 |

Other options for remediating this vulnerability:

  • Disable the RDP remote service if it is not in use.
  • If you have a perimeter security device, block TCP port 3389 (RDP) on it.
  • Enable NLA (Network Level Authentication) in the Remote Desktop configuration.
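A read-only audit of the patch table and the mitigations above, as an added example that is not part of the original advisory. It assumes the patch numbers in the table are Microsoft KB article numbers as reported by Get-HotFix; the function name Get-RdpExposureReport and its output fields are hypothetical.

```powershell
# Added example, not from the original advisory. Read-only: it changes no settings.
# Assumption: the table's patch numbers are KB article numbers ("KB" prefix in Get-HotFix).
# Written for PowerShell 2.0, the default on Windows 7 / Windows Server 2008 R2.

# Patch table from the advisory, keyed by OS major.minor version.
$patchTable = @{
    '6.0' = @('KB4499149', 'KB4499180')   # Windows Server 2008 SP2
    '6.1' = @('KB4499164', 'KB4499175')   # Windows 7 SP1 / Windows Server 2008 R2 SP1
}

function Get-RdpExposureReport {
    $v        = [Environment]::OSVersion.Version
    $key      = '{0}.{1}' -f $v.Major, $v.Minor
    $ts       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listener = Join-Path $ts 'WinStations\RDP-Tcp'

    # Later rollups supersede these KBs, so an empty PatchesFound on a listed OS
    # means "verify the current patch level", not "confirmed vulnerable".
    $listed = $patchTable.ContainsKey($key)
    $found  = @()
    if ($listed) {
        $found = @(Get-HotFix -ErrorAction SilentlyContinue |
            Where-Object { $patchTable[$key] -contains $_.HotFixID } |
            ForEach-Object { $_.HotFixID })
    }

    # fDenyTSConnections = 0 means RDP accepts connections; UserAuthentication = 1 means NLA is required.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    $rdp  = Get-ItemProperty -Path $listener

    New-Object PSObject -Property @{
        OsVersion      = $key
        ListedInTable  = $listed
        PatchesFound   = ($found -join ', ')
        RdpEnabled     = ($deny -eq 0)
        NlaRequired    = ($rdp.UserAuthentication -eq 1)
        RdpPort        = $rdp.PortNumber
    } | Select-Object OsVersion, ListedInTable, PatchesFound, RdpEnabled, NlaRequired, RdpPort
}

Get-RdpExposureReport | Format-List
```

A host that reports ListedInTable and RdpEnabled as True with NlaRequired False and no patch found is the first candidate for patching or for the mitigations listed above.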

References:

https://support.microsoft.com/es-mx/help/4500705/customer-guidance-for-cve-2019-0708
