Manually installing Windows patches
Enterprises generally use vulnerability scanners to scan their servers.
Automatic updates on Windows Server resolve most of the vulnerabilities found, but there are still many patches that automatic update does not install completely.
A vulnerability generally corresponds to a port on the server, such as 135 (the RPC port) or 445 (the SMB file-sharing port), and the corresponding vulnerabilities may be as follows:
Solution
1. Block the port
If you are sure that the server does not use port 135, block port 135 directly, and the corresponding vulnerability will naturally disappear.
2. Manually install the patch
Find the corresponding patch on the official Microsoft website, download it, and install it manually.
3. Manual patch installation steps
1. Find the corresponding vulnerability number, for example CVE-2021-34527
2. Open http://cve.mitre.org/cve/search_cve_list.html, search, find the corresponding operating system, and download the patch
Note: if Google Chrome cannot download the file, switch to Edge.
3. Copy the downloaded patch to the server, assuming it is placed in C:\aaa. Run cmd as administrator and enter:
expand -F:* C:\aaa\windows10.0-kb5004947-x64.msu C:\aaa
This decompresses the package and produces a file ending in .cab.
Then run the following in cmd and wait for the installation to complete:
dism.exe /online /Add-Package /PackagePath:C:\aaa\Windows10.0-kb5004947-x64_PSFX.cab
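
The same expand and dism steps as a PowerShell script, shown here as an added example that is not part of the original page. It reuses the page's sample path; the scratch folder C:\aaa\extracted, the Authenticode signature check before extraction, and the Get-HotFix check afterwards are additions and assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: verify, extract and install a manually downloaded .msu.
$ErrorActionPreference = 'Stop'
$Msu     = 'C:\aaa\windows10.0-kb5004947-x64.msu'   # sample path from the page
$WorkDir = 'C:\aaa\extracted'                       # assumed scratch folder

# 1. Refuse a package that is not validly signed by Microsoft
#    (guards against a tampered or wrongly sourced download).
$sig = Get-AuthenticodeSignature -FilePath $Msu
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Signature check failed for $Msu (status: $($sig.Status))"
}

# 2. Extract the .msu, as the manual step does with expand.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
& expand.exe '-F:*' $Msu $WorkDir | Out-Null
if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

# 3. Select the update payload. WSUSSCAN.cab is scan metadata, not the patch.
$cabs = Get-ChildItem -Path $WorkDir -Filter '*.cab' |
        Where-Object Name -ne 'WSUSSCAN.cab' |
        Sort-Object Name
if (-not $cabs) { throw "No update .cab found in $WorkDir" }

# 4. Install each payload with DISM. /NoRestart leaves the reboot to the operator.
foreach ($cab in $cabs) {
    & dism.exe /Online /Add-Package "/PackagePath:$($cab.FullName)" /NoRestart
    # 0 = success, 3010 = success but a restart is required
    if ($LASTEXITCODE -notin 0, 3010) {
        throw "DISM failed on $($cab.Name) with exit code $LASTEXITCODE"
    }
}

# 5. Confirm the KB is recorded. A pending install may only show after the restart.
$kb  = [regex]::Match($Msu, 'kb\d+', 'IgnoreCase').Value.ToUpper()
$fix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($fix) {
    Write-Output "$kb installed on $($fix.InstalledOn)"
} else {
    Write-Output "$kb not listed yet; restart the server and check again"
}
```

After the restart, rescan the server to confirm the scanner no longer reports the vulnerability.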