{"id":62621,"date":"2019-11-18T09:00:41","date_gmt":"2019-11-18T01:00:41","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=62621"},"modified":"2019-11-15T17:03:12","modified_gmt":"2019-11-15T09:03:12","slug":"%e5%bc%95%e7%99%bc-bsod-%e7%9a%84bluekeep%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a%e9%80%a0%e6%88%90%e7%b3%bb%e7%b5%b1%e5%b4%a9%e6%bd%b0%e7%9a%84%e5%8e%9f%e5%9b%a0","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=62621","title":{"rendered":"\u5f15\u767c BSoD \u7684BlueKeep\u6f0f\u6d1e\u653b\u64ca,\u9020\u6210\u7cfb\u7d71\u5d29\u6f70\u7684\u539f\u56e0"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/documents.trendmicro.com\/images\/TEx\/articles\/20180413044442143-204-vtu0ekw-2000.jpg\" alt=\"BleKeep\"\/><\/figure>\n\n\n\n<p>\u5b89\u5168\u7814\u7a76\u4eba\u54e1Kevin Beaumont\u548cMarcus Hutchins\u7684\u5831\u544a\u62ab\u9732\u4e86\u6700\u8fd1\u6703<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/halloween-exploits-scare-bluekeep-chrome-s-zero-days-in-the-wild\">\u5728\u88ab\u5165\u4fb5\u88dd\u7f6e\u4e0a\u5b89\u88dd\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u75c5\u6bd2<\/a>\u7684BlueKeep\u6f0f\u6d1e\u653b\u64ca\u3002Beaumont\u572811\u6708\u521d\u6ce8\u610f\u5230\u4ed6\u7528\u4f86\u5075\u6e2c\u548c\u76e3\u8996BlueKeep\u6f0f\u6d1e\u653b\u64ca\u7684\u871c\u7f50\u7cfb\u7d71\u4e00\u76f4\u5728\u5d29\u6f70\u3002\u8abf\u67e5\u5d29\u6f70\u539f\u56e0\u5f8c\u8b49\u5be6\u9019\u662f\u56e0\u70baMetasploit\u6ef2\u900f\u6e2c\u8a66\u6846\u67b6\u7684BlueKeep\u6f0f\u6d1e\u653b\u64ca\u6a21\u7d44\u6240\u9020\u6210\u3002\u871c\u7f50\u7cfb\u7d71\u51fa\u73fe\u7684\u85cd\u8272\u6b7b\u4ea1\u87a2\u5e55\u7576\u6a5f\u756b\u9762- blue screen of death \uff08BSOD \uff09\u8b93 Beaumont \u767c\u73fe\u4e86\u771f\u5be6\u653b\u64ca\u7684\u5b58\u5728\u3002<\/p>\n\n\n\n<p>\u900f\u904e\u5c0d\u9019\u4e9b\u4e8b\u4ef6\u7684\u8abf\u67e5\uff0cMicrosoft\u767c\u73fe\u5341\u6708\u4e0b\u65ec\u7684\u653b\u64ca\u8207\u4e5d\u6708\u7684\u4e00\u6ce2\u653b\u64ca\u6d3b\u52d5\u6709\u6240<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/11\/07\/the-new-cve-2019-0708-rdp-exploit-attacks-explained\/\">\u95dc\u806f<\/a> \u2013 \u9019\u4e9b\u653b\u64ca\u53ef\u80fd\u90fd\u662f\u7531\u540c\u500b\u99ed\u5ba2\u5718\u9ad4\u6240\u9032\u884c\u3002\u9019\u5f15\u767c\u4e86\u6703<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-warns-of-more-harmful-windows-bluekeep-attacks-patch-now\/\">\u6709\u66f4\u591a\u653b\u64ca\u51fa\u73fe<\/a>\u7684\u95dc\u6ce8\u548c\u8b66\u544a\u3002BlueKeep\u662f\u6703\u5f71\u97ffWindows 7\u3001Windows Server 2008\u548cWindows Server 2008 R2\u4e0a\u9060\u7aef\u684c\u9762\u5354\u5b9a\uff08RDP\uff09\u670d\u52d9\u7684\u9060\u7aef\u57f7\u884c\u78bc\u6f0f\u6d1e\u3002Microsoft\u5df2\u7d93\u5728<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/mays-patch-tuesday-include-fixes-for-wormable-flaw-in-windows-xp-zero-day-vulnerability\/\">\u4e94\u6708<\/a>\u52a0\u4ee5\u4fee\u88dc\u3002Microsoft\u4e00\u76f4\u6566\u4fc3\u7ba1\u7406\u54e1\u8981\u4fee\u88dcRDP\u670d\u52d9\u4f86\u5e6b\u52a9\u9632\u79a6\u6b64\u6f0f\u6d1e\u906d\u53d7\u653b\u64ca\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<h4 class=\"wp-block-heading\"><strong>BlueKeep<\/strong><strong>\u9020\u6210\u7cfb\u7d71\u5d29\u6f70\u7684\u539f\u56e0\u548c\u4fee\u5fa9<\/strong><\/h4>\n\n\n\n<p>\u5982\u524d\u6240\u8ff0\uff0cBeaumont\u7684BlueKeep\u871c\u7f50\u7cfb\u7d71\u4e00\u76f4\u5728\u5d29\u6f70\u4e26\u91cd\u65b0\u555f\u52d5\u3002\u6f0f\u6d1e\u653b\u64ca\u6703\u4e0d\u65b7\u9020\u6210BSOD\u5d29\u6f70\uff0c\u986f\u793a\u5176\u4e26\u4e0d\u7a69\u5b9a\u3002\u5fae\u8edf\u7684\u9032\u4e00\u6b65\u8abf\u67e5\u986f\u793aBlueKeep\u6f0f\u6d1e\u653b\u64ca<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/11\/07\/the-new-cve-2019-0708-rdp-exploit-attacks-explained\/\">\u6709\u4eba\u70ba\u64cd\u4f5c\u4f86\u5354\u52a9\u6ef2\u900f\u7db2\u8def<\/a>\uff0c\u610f\u601d\u662f\u6b64\u60e1\u610f\u8edf\u9ad4\u4e26\u975e\u6703\u81ea\u884c\u6563\u64ad\u7684\u8815\u87f2\u75c5\u6bd2\u3002<a href=\"https:\/\/www.trendmicro.com\/vinfo\/ph\/security\/news\/vulnerabilities-and-exploits\/metasploit-publishes-working-bluekeep-exploit\">\u64f4\u6563\u80fd\u529b<\/a>\u662fBlueKeep\u6f0f\u6d1e\u653b\u64ca\u5728\u4e5d\u6708\u9996\u6b21\u62ab\u9732\u6642\u5f15\u8d77\u7814\u7a76\u4eba\u54e1\u95dc\u5fc3\u7684\u554f\u984c\u3002Microsoft\u8a8d\u70ba\u653b\u64ca\u8005\u53ef\u80fd\u4f7f\u7528\u624b\u52d5\u7aef\u53e3\u6383\u63cf\u4f86\u627e\u51fa\u6709\u6f0f\u6d1e\u7684\u96fb\u8166\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/www.zdnet.com\/article\/bluekeep-exploit-to-get-a-fix-for-its-bsod-problem\/\">\u6839\u64da\u5b89\u5168\u7814\u7a76\u4eba\u54e1Sean\nDillon\uff0c<\/a>\u6703\u9020\u6210BSOD\u662f\u56e0\u70ba\u6f0f\u6d1e\u653b\u64ca\u78bc\u8207Microsoft\u91dd\u5c0dMeltdown Intel CPU\u6f0f\u6d1e\u6240\u767c\u5e03\u7684\u4fee\u88dc\u7a0b\u5f0f\u4e0d\u76f8\u5bb9\u3002\u4f46\u5df2\u7d93\u6709\u8a08\u5283\u6703<a href=\"https:\/\/zerosum0x0.blogspot.com\/2019\/11\/fixing-remote-windows-kernel-payloads-meltdown.html#kva_conclusion\">\u66f4\u65b0Metasploit\u7684BlueKeep\u6f0f\u6d1e\u653b\u64ca\u78bc<\/a>\u4f86\u652f\u63f4<a href=\"https:\/\/www.trendmicro.com\/vinfo\/tr\/security\/news\/vulnerabilities-and-exploits\/meltdown-and-spectre-intel-processor-vulnerabilities-what-you-need-to-know\">Meltdown<\/a>\u7684\u6838\u5fc3\u4fee\u88dc\u7a0b\u5f0f\u3002\u4e0d\u5e78\u7684\u662f\uff0c\u9019\u4ee3\u8868\u4e86\u653b\u64ca\u8005\u6709\u66f4\u5927\u7684\u6a5f\u6703\u53bb\u653b\u64ca\u6709\u6f0f\u6d1e\u7684\u7cfb\u7d71\n\u2013 \u4ed6\u5011\u53ef\u4ee5\u4f7f\u7528\u66f4\u52a0\u7a69\u5b9a\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u4e0d\u6703\u56e0\u70ba\u5f15\u8d77BSOD\u800c\u90a3\u9ebc\u5bb9\u6613\u88ab\u5bdf\u89ba\u3002<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>\u5b89\u5168\u554f\u984c\u548c\u5efa\u8b70<\/strong><\/h4>\n\n\n\n<p>\u6b63\u5982<a href=\"https:\/\/twitter.com\/MalwareTechBlog\/status\/1192926816370970625\">Hutchins\u6240\u5f37\u8abf<\/a>\u7684\uff0cBlueKeep\u6700\u7dca\u8feb\u7684\u554f\u984c\u4e26\u4e0d\u662f\u8815\u87f2\u75c5\u6bd2\u3002\u771f\u6b63\u8a72\u95dc\u5fc3\u7684\u662f\u4f3a\u670d\u5668\u662f\u5426\u6703\u906d\u53d7\u653b\u64ca\u3002\u5927\u591a\u6578\u6703\u906d\u53d7BlueKeep\u6f0f\u6d1e\u653b\u64ca\u7684\u96fb\u8166\u5176\u5be6\u90fd\u662f\u4f3a\u670d\u5668\uff0c\u800c\u88ab\u5165\u4fb5\u7684\u4f3a\u670d\u5668\u8b93\u653b\u64ca\u8005\u80fd\u5920\u8f15\u6613\u5730\u5728\u5167\u90e8\u7db2\u8def\u8f49\u9032\u548c\u64f4\u6563\u3002\u4ed6\u6307\u51faWindows\u4f3a\u670d\u5668\u901a\u5e38\u6703\u63a7\u5236\u7db2\u8def\u4e0a\u7684\u5176\u4ed6\u96fb\u8166\uff0c\u53ef\u80fd\u662f\u6709\u5b89\u88dd\u7db2\u8def\u7ba1\u7406\u5de5\u5177\u7684\u7db2\u57df\u7ba1\u7406\u54e1\u6216\u662f\u6703\u8ddf\u7db2\u8def\u5176\u9918\u96fb\u8166\u5171\u4eab\u76f8\u540c\u7684\u672c\u5730\u7ba1\u7406\u54e1\u5e33\u5bc6\u3002<\/p>\n\n\n\n<p>\u907a\u61be\u7684\u662f\uff0c\u5373\u4f7f\u51fa\u73fe\u4e86BlueKeep\u653b\u64ca\u5bc6\u7f50\u7cfb\u7d71\u7684\u5831\u5c0e\uff0c\u7cfb\u7d71\u7ba1\u7406\u54e1\u4ecd\u7136\u6c92\u6709\u52d5\u529b\u53bb\u9032\u884c\u4fee\u88dc\u3002SANS Institute\u7684\u7814\u7a76\u4eba\u54e1\u4e00\u76f4\u5728\u900f\u904eShodan\u8ffd\u8e2a\u4fee\u88dc\u7387\uff0c\u4e26\u6ce8\u610f\u5230<a href=\"https:\/\/www.theregister.co.uk\/2019\/11\/11\/bluekeep_didnt_boost_patching\/\">\u81ea\u4e94\u6708\u4ee5\u4f86\u4fee\u88dc\u7387\u5c31\u4e00\u76f4\u5448\u4e0b\u964d\u8da8\u52e2<\/a>\u3002\u6700\u8fd1\u95dc\u65bc\u653b\u64ca\u4e8b\u4ef6\u7684\u5a92\u9ad4\u5831\u5c0e\u4e26\u6c92\u6709\u6539\u8b8a\u6b64\u4e00\u8da8\u52e2\u3002<\/p>\n\n\n\n<p>\u5e95\u4e0b\u662f\u80fd\u5920\u5e6b\u52a9\u4f7f\u7528\u8005\u548c\u4f01\u696d\u6e1b\u5c11\u906d\u53d7BlueKeep\u6f0f\u6d1e\u653b\u64ca\u98a8\u96aa\u7684\u6700\u4f73\u5be6\u4f5c\uff1a<\/p>\n\n\n\n<ul><li><a href=\"https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/vulnerabilities-and-exploits\/patching-problems-and-how-to-solve-them\"><em>\u4fee\u88dc<\/em><\/a>\u4e26\u4fdd\u6301\u7cfb\u7d71\u53ca\u61c9\u7528\u7a0b\u5f0f\u5728\u6700\u65b0\u72c0\u614b\uff08\u6216\u5728\u8001\u820a\u53ca\u7d42\u6b62\u652f\u63f4\u7cfb\u7d71\u4e0a\u63a1\u7528<a href=\"https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/vulnerabilities-and-exploits\/virtual-patching-patch-those-vulnerabilities-before-they-can-be-exploited\">\u865b\u64ec\u4fee\u88dc<\/a>\u6280\u8853\uff09\u3002<\/li><li>\u5c0d<a href=\"https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/vulnerabilities-and-exploits\/infosec-guide-remote-desktop-protocol-rdp\">\u9060\u7aef\u684c\u9762<\/a>\u670d\u52d9\u52a0\u4ee5\u9650\u5236\u6216<a href=\"https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/cybercrime-and-digital-threats\/best-practices-securing-sysadmin-tools\">\u9632\u8b77<\/a>\u3002\u4f8b\u5982\u5c01\u9396\u7aef\u53e33389\uff08\u6216\u5728\u4e0d\u4f7f\u7528\u6642\u5c07\u5176\u505c\u7528\uff09\u6709\u52a9\u65bc\u963b\u6b62\u60e1\u610f\u5a01\u8105\u8207<a href=\"https:\/\/www.trendmicro.com\/vinfo\/hk-en\/security\/news\/security-technology\/best-practices-deploying-an-effective-firewall\">\u9632\u706b\u7246<\/a>\u80cc\u5f8c\u7cfb\u7d71\u9032\u884c\u9023\u7dda\u3002<\/li><li>\u555f\u7528<a href=\"https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-server-2008-R2-and-2008\/cc732713(v=ws.11)\">\u7db2\u8def\u7d1a\u8eab\u4efd\u9a57\u8b49<\/a>\uff08NLA\uff09\uff0c\u9632\u6b62\u672a\u7d93\u8eab\u4efd\u9a57\u8b49\u7684\u653b\u64ca\u8005\u653b\u64caBlueKeep\u6f0f\u6d1e\u3002\u53ef\u4ee5\u5728Windows 7\u548cWindows Server 2008\uff08\u5305\u62ecR2\u7248\u672c\uff09\u5167<a href=\"https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/it-pro\/windows-server-2008-R2-and-2008\/cc732713(v=ws.11)\">\u8a2d\u5b9a<\/a>\u3002<\/li><li>\u5f37\u5236\u57f7\u884c\u6700\u5c0f\u6b0a\u9650\u539f\u5247\u3002\u63a1\u7528\u5982\u52a0\u5bc6\u3001\u9396\u5b9a\u7b56\u7565\u53ca\u5176\u4ed6\u57fa\u65bc\u6b0a\u9650\u6216\u89d2\u8272\u7684\u5b58\u53d6\u63a7\u5236\u7b49\u5b89\u5168\u6a5f\u5236\u4f86\u63d0\u4f9b\u591a\u4e00\u5c64\u7684\u5b89\u5168\u9632\u8b77\uff0c\u9632\u6b62\u6703\u5165\u4fb5\u9060\u7aef\u684c\u9762\u670d\u52d9\u7684\u653b\u64ca\u6216\u5a01\u8105\u3002<\/li><\/ul>\n\n\n\n<p><a href=\"https:\/\/t.rend.tw\/?i=NDIwMw==\">\u8da8\u52e2\u79d1\u6280Deep Discovery\u9032\u968e\u7db2\u8def\u5b89\u5168\u9632\u8b77<\/a> \u00a0\u548c <a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/product-security\/vulnerability-protection\">Vulnerability Protection HYPERLINK <\/a>\u6f0f\u6d1e\u9632\u8b77\u89e3\u6c7a\u65b9\u6848\u80fd\u900f\u904e\u4e0b\u5217\u6df1\u5ea6\u5c01\u5305\u6aa2\u6e2c\uff08DPI\uff09\u898f\u5247\u4f86\u4fdd\u8b77\u7cfb\u7d71\u548c\u4f7f\u7528\u8005\u62b5\u79a6\u91dd\u5c0d\u6f0f\u6d1eCVE-2019-0708\u7684\u5a01\u8105\uff1a<\/p>\n\n\n\n<ul><li>1009749 &#8211; Microsoft Windows\nRemote Desktop Services Remote Code Execution Vulnerability<\/li><\/ul>\n\n\n\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network\/intrusion-prevention\/tipping-point-threat-protection-system.html\">\u8da8\u52e2\u79d1\u6280TippingPoint<\/a>\u7684\u5ba2\u6236\u53ef\u4ee5\u7528\u4e0b\u5217<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network\/intrusion-prevention\/threat-intelligence.html\">MainlineDV<\/a>\u904e\u6ffe\u5668\u4f86\u62b5\u79a6\u653b\u64ca\u6f0f\u6d1eCVE-2019-0708\u7684\u5a01\u8105\uff1a<\/p>\n\n\n\n<ul><li>35296: RDP: Microsoft Remote\nDesktop Services Negotiation Request Without CredSSP<\/li><\/ul>\n\n\n\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/bluekeep-exploit-gets-an-update-following-recent-attacks\">BlueKeep\nExploit Will Get an Update Following Recent Attacks<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5b89\u5168\u7814\u7a76\u4eba\u54e1Kevin Beaumont\u548cMarcus Hutchins\u7684\u5831\u544a\u62ab\u9732\u4e86\u6700\u8fd1\u6703\u5728\u88ab\u5165\u4fb5\u88dd\u7f6e\u4e0a\u5b89\u88dd\u865b [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[1,156],"tags":[4457,4456,452],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/62621"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=62621"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/62621\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=62621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=62621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=62621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}