Windows developed by Microsoft Corporation is a windowing operating system.
Buffer overrun vulnerability exists in the Windows smart card authentication module gpkcsp.dll, if the system is turned on Remote Desktop (RDP) service and join the domain, a remote attacker could exploit this vulnerability to execute arbitrary code on the target machine by sending malicious code, and thus control the entire system .
Affected Systems:
Windows XP through SP3
Windows Server 2003 through SP2
The CVE-2017-0176 to replace the original labeled CVE-2017-9073.
Solution
Official upgrade:
Microsoft
---------
Microsoft has released a security bulletin and corresponding patch:
Notice the link: https: //support.microsoft.com/zh-cn/help/4022747/security-update-for-windows-xp-and-windows-server-2003
Patch link: http: //www.catalog.update.microsoft.com/search.aspx q = 4022747?
Temporary solution:
Incapable of upgrading the customer can use the following methods of protection for this vulnerability
1. Disable Remote Desktop feature. If you must use this feature, you must do the restrictions on external access, while using method 2.
2. Disable Remote Desktop smart card function
By Group Policy: Computer Configuration -> Administrative Templates -> Terminal Services -> Client / server data redirection -> Do not allow smart card device redirection is set to Enable
Through the registry: adding \ SOFTWARE \ Microsoft \ Windows NT Terminal Services under the path HKEY_LOCAL_MACHINE \ Policies \ item fEnableSmartCard type DWORD, value 0
These two methods are needed to restart the Remote Desktop Services or reboot the system