Go to computer terminal for registration
Recently, JD Cloud Security Team monitored the emergency security patch released office by Microsoft and fixed remote execution code vulnerability (CVE-2019-1181/1182) for Windows remote desktop service.
Attackers can use this vulnerability to obtain Windows server permissions. In order to prevent your business from being affected, JD Cloud security team recommends you to conduct the security self-examination in a timely manner. If your business is in the affecting scope, please update and fix the problem in time to avoid attacks from an external attacker.
Windows Server 2008 R2
Windows Server 2008
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
1. [Suggestion] Patch update (it is suggested that you backup data and images before installing the patch), Open Windows Update and click "Check for Updates", perform the evaluation according to the business situation, download and install the corresponding security patches, reboot the system after the update for taking effect and observe the operation status of system and business.
Manual Download Address:
Windows Server 2008 R2:
Windows Server 2012 R2:
Windows Server 2016:
2. [Mitigation] Enable Network Level Authentication (NLA): Open the "Control Panel" menu in Windows and find "System and Security - System - Remote Settings" option, find "Remote" option card, select "Only allow computer connections (more secure) that run on remote desktops using Network Level Authentication" to enable.
3. [Mitigation] Configure Security Group: Temporarily disables RDP service ports from external access or access with authorized specific IP.
1. Official Update Announcement:https://portal.msrc.microsoft.com/en-us/security-guidance
2. Microsoft Official Warning:https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/?from=timeline&isappinstalled=0
JD Cloud team2019-08-20 15:52:35