Fixing the SMB Remote Command Execution Vulnerability Disclosed by ShadowBroker

Posted by 安全工搬砖笔记


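Some people do not know how to find the KB number of the patch that corresponds to an MS bulletin; this article shows how.

The bulletin ID for this vulnerability is ms17-010. To check whether the patch for a given MS bulletin is already installed:

Download Microsoft's official patch information list (Microsoft Security Bulletin Data):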

https://www.microsoft.com/en-gb/download/confirmation.aspx?id=36982

 http://download.microsoft.com/download/6/7/3/673E4349-1CA5-40B9-8879-095C72D5B49D/BulletinSearch.xlsx

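Look up the patch number for your system:

Run systeminfo and check whether the corresponding patch is listed. For example, the one for Server 2012 R2 is KB4012598. Pay attention to the remarks at the end of the patch's row, and note that a reboot is required.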

Date Posted    Bulletin Id    Bulletin KB    Severity    Impact    Title    Affected Product    Component KB    Affected Component    Impact    Severity    Supersedes    Reboot    CVEs
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 R2 for x64-based Systems Service Pack 1    4012212        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2016 for x64-based Systems    4013429        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 10 for 32-bit Systems    4012606        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 10 for x64-based Systems    4012606        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 10 Version 1511 for 32-bit Systems    4013198        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 10 Version 1511 for x64-based Systems    4013198        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 10 Version 1607 for 32-bit Systems    4013429        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 10 Version 1607 for x64-based Systems    4013429        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 R2 for Itanium-based Systems Service Pack 1    4012212        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 8.1 for 32-bit Systems    4012213        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 8.1 for x64-based Systems    4012213        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2012    4012214        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2012 R2    4012213        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows RT 8.1    4012216        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)    4012212        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2012 (Server Core installation)    4012214        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2012 R2 (Server Core installation)    4012213        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2016 for x64-based Systems (Server Core installation)    4013429        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Vista Service Pack 2    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Vista x64 Edition Service Pack 2    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 for 32-bit Systems Service Pack 2    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 for x64-based Systems Service Pack 2    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows Server 2008 for Itanium-based Systems Service Pack 2    4012598        Remote Code Execution    Critical    MS16-114[3177186]    Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 7 for 32-bit Systems Service Pack 1    4012212        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
3/14/2017    ms17-010    4013389    Critical    Remote Code Execution    Security Update for Microsoft Windows SMB Server    Windows 7 for x64-based Systems Service Pack 1    4012212        Remote Code Execution    Critical        Yes    CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148
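The lookup described above can be scripted for systeminfo output collected from many hosts. This is an added example, not code from the original post; it assumes the bulletin sheet was exported as tab-separated text, and the function names, the renamed component columns and the sample host output are all constructed for illustration.

```python
import csv, io, re

# The sheet repeats Impact/Severity; the component pair is renamed (assumption).
COLUMNS = ["Date Posted", "Bulletin Id", "Bulletin KB", "Severity", "Impact",
           "Title", "Affected Product", "Component KB", "Affected Component",
           "Component Impact", "Component Severity", "Supersedes", "Reboot", "CVEs"]

def _row(product, kb):
    """Rebuild one row of the table above as tab-separated text."""
    return "\t".join(["3/14/2017", "ms17-010", "4013389", "Critical", "Remote Code Execution",
                      "Security Update for Microsoft Windows SMB Server", product, kb, "",
                      "Remote Code Execution", "Critical", "", "Yes",
                      "CVE-2017-0143,CVE-2017-0144"])

# Two rows from the table above (CVE list shortened).
BULLETIN_TSV = "\n".join([
    _row("Windows Server 2012 R2", "4012213"),
    _row("Windows 7 for x64-based Systems Service Pack 1", "4012212")])

# Constructed systeminfo output; KB0000001 is a placeholder, not a real update.
SYSTEMINFO = """\
OS Name:                   Microsoft Windows Server 2012 R2 Standard
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB4012213
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

def required_kbs(tsv_text, bulletin_id, product):
    """Return {Component KB: Reboot flag} for one bulletin and product row."""
    rows = csv.DictReader(io.StringIO(tsv_text), fieldnames=COLUMNS, delimiter="\t")
    return {r["Component KB"]: r["Reboot"] for r in rows
            if r["Bulletin Id"].lower() == bulletin_id.lower()
            and r["Affected Product"] == product}

def installed_kbs(systeminfo_text):
    """KB numbers from '[NN]: KBnnnnnnn' lines; independent of the localized label."""
    return set(re.findall(r"\[\d+\]:\s*KB(\d+)", systeminfo_text, re.IGNORECASE))

def check_host(systeminfo_text, tsv_text, bulletin_id, product):
    """Compare a host's hotfix list with the bulletin's KB for its product."""
    required = required_kbs(tsv_text, bulletin_id, product)
    if not required:
        raise LookupError(f"no row for {bulletin_id} / {product}")
    found = sorted(set(required) & installed_kbs(systeminfo_text))
    return {"required": sorted(required), "found": found,
            "reboot": sorted(set(required.values())),
            "status": "installed" if found else "not listed"}
```

Later cumulative updates that replace this KB are not in the table, so treat "not listed" as a prompt to check the host's update history rather than as proof that it is unpatched.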

 
