[High Risk Vulnerability Alert] SMB/RDP Remote Command Execution Vulnerability in Windows Operating System
1. Scope of Vulnerability:
The affected Windows versions are known to include, but are not limited to:
Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 SP0.
2. Vulnerability Detection:
The leaked tool attacks targets remotely over the SMB/NetBIOS services (ports 137, 139 and 445) and the RDP service (port 3389). Check whether these ports are reachable from the Internet. Detection method:
From a machine on the public network, telnet to port 445 of the target address, for example: telnet [IP] 445. If the connection succeeds, port 445 is exposed to the Internet; repeat the check for 139 and 3389. Note that a successful connection only shows that the port is reachable, not whether the host has been patched, so an exposed host should be treated as at risk until the patch is installed.
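As an added illustration of the port check described above (example code written for this notice, not a tool from Microsoft or Alibaba Cloud), the following Python script tests whether the four ports named in this notice accept TCP connections and distinguishes a refused connection (host reachable, nothing listening) from a silent timeout (traffic dropped by a firewall or security group). Run it from a host on the public network against the instance's public IP; run against a private address it only shows internal reachability. The demo() function is a constructed local example that starts a listener on 127.0.0.1 so the script can be exercised offline. Port 137 is the NetBIOS name service over UDP, so a TCP probe of it is not meaningful and the script reports it rather than probing it.

```python
import socket
import sys

# Ports named in this notice. 137 is the NetBIOS name service and runs over
# UDP; a TCP connect to it proves nothing, so it is reported, not probed.
ADVISORY_PORTS = (137, 139, 445, 3389)
UDP_ONLY_PORTS = {137}


def check_tcp_port(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for host:port.

    open     - TCP handshake completed: a service is reachable on the port
    closed   - the host answered with RST: reachable, but nothing listening
    filtered - no answer before the timeout: a firewall or security group
               is dropping the traffic (what a blocking rule should produce)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # e.g. host unreachable: treat like a drop, the port is not exposed
        return "filtered"
    finally:
        sock.close()


def check_advisory_ports(host, ports=ADVISORY_PORTS, timeout=3.0):
    """Probe every port in `ports`; returns {port: status}."""
    results = {}
    for port in ports:
        if port in UDP_ONLY_PORTS:
            results[port] = "udp-not-probed"
        else:
            results[port] = check_tcp_port(host, port, timeout)
    return results


def exposed_ports(results):
    """Ports an attacker on the probing network could reach (status 'open')."""
    return sorted(p for p, status in results.items() if status == "open")


def demo():
    """Constructed offline example: a loopback listener stands in for an
    exposed SMB/RDP service. Returns the status seen while the listener is
    up and again after it has been closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = check_tcp_port("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = check_tcp_port("127.0.0.1", port, timeout=2.0)
    return while_listening, after_close


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: python3 check_ports.py <public-ip>")
        print("offline demo (listening, closed):", demo())
        sys.exit(1)
    target = sys.argv[1]
    report = check_advisory_ports(target)
    for port, status in sorted(report.items()):
        print(f"{target}:{port}\t{status}")
    print("exposed TCP ports:", exposed_ports(report) or "none")
```

An "open" result on 139, 445 or 3389 from the public network means the service is exposed and the host must be patched (and the port blocked if unused); "filtered" on those ports is the state a correct security group rule produces. The script cannot tell a patched host from an unpatched one.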
3. Mitigation Measures
(1) Microsoft has issued a security bulletin and strongly recommends installing the latest patches. Please refer to the link below for details.
(2) The Alibaba Cloud console now provides a one-click mitigation tool for this vulnerability. If your business does not use ports 137, 139 and 445, log in to the ECS Console - Security Group Management - Rule Configuration and use the tool to close these ports to the public network and avoid the risk.
(3) Restrict the source IP addresses allowed to reach port 3389 (remote login) using the security group's public network inbound policy, so that RDP is reachable only from trusted addresses.
We will continue to follow the progress of this event and keep you updated. More details are available at the link (https://intl.aliyun.com/forum/read-888). Thank you for your support of Alibaba Cloud!