JVNDB-2019-003551 - JVN iPedia - �ｽﾆ弱性�ｽﾎ搾ｿｽ�ｽ�ｽf�ｽ[�ｽ^�ｽx�ｽ[�ｽX

JVNDB-2019-003551
�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ Microsoft Windows �ｽ�ｽ�ｽi�ｽﾌ�ｿｽ�ｽ�ｽ�ｽ[�ｽg�ｽf�ｽX�ｽN�ｽg�ｽb�ｽv �ｽT�ｽ[�ｽr�ｽX�ｽﾉゑｿｽ�ｽ�ｽ�ｽ驛奇ｿｽ�ｽ�ｽ[�ｽg�ｽﾅコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性
�ｽT�ｽv
�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ Microsoft Windows �ｽ�ｽ�ｽi�ｽﾌ�ｿｽ�ｽ�ｽ�ｽ[�ｽg�ｽf�ｽX�ｽN�ｽg�ｽb�ｽv �ｽT�ｽ[�ｽr�ｽX�ｽﾉは、�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽg�ｽﾅコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB �ｽx�ｽ�ｽ�ｽ_�ｽﾍ、�ｽ{�ｽﾆ弱性�ｽ�ｽ�ｽu�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽg �ｽf�ｽX�ｽN�ｽg�ｽb�ｽv �ｽT�ｽ[�ｽr�ｽX�ｽﾌ�ｿｽ�ｽ�ｽ�ｽ[�ｽg�ｽﾅコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性�ｽv�ｽﾆゑｿｽ�ｽﾄ鯉ｿｽ�ｽJ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)
CVSS v3 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 9.8 (�ｽﾙ急) [NVD�ｽl] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽﾉ必�ｽv�ｽﾈ難ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽx�ｽ�ｽ: �ｽs�ｽv �ｽ�ｽ�ｽp�ｽﾒの関与: �ｽs�ｽv �ｽe�ｽ�ｽ�ｽﾌ想�ｽ�ｽﾍ茨ｿｽ: �ｽﾏ更�ｽﾈゑｿｽ �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽ�ｽ �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽ�ｽ �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽ�ｽ CVSS v2 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 10.0 (�ｽ�ｯ) [NVD�ｽl] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽO�ｽﾌ認�ｽﾘ要�ｽ�ｽ: �ｽs�ｽv �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽS�ｽﾊ的 �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽS�ｽﾊ的 �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽS�ｽﾊ的
�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

�ｽ}�ｽC�ｽN�ｽ�ｽ�ｽ\�ｽt�ｽg Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems SP2 (Server Core installation) Microsoft Windows Server 2008 for Itanium-Based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems SP2 (Server Core installation) Microsoft Windows Server 2008 R2 for Itanium-Based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation)

�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽF�ｽﾘゑｿｽ�ｽ�ｽﾄゑｿｽ�ｽﾈゑｿｽ�ｽU�ｽ�ｽ�ｽﾒにゑｿｽ�ｽARDP �ｽ�ｽ�ｽg�ｽp�ｽ�ｽ�ｽﾄ標�ｽI�ｽﾌシ�ｽX�ｽe�ｽ�ｽ�ｽﾉ接托ｿｽ�ｽ�ｽ�ｽI�ｽ�ｽ�ｽﾉ細工�ｽ�ｽ�ｽ黷ｽ�ｽ�ｽ�ｽN�ｽG�ｽX�ｽg�ｽ乱M�ｽ�ｽ�ｽ�ｽ驍ｱ�ｽﾆで、�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽg�ｽﾅコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾂ能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ關ｳ�ｽ�ｽ�ｽﾈ対策が鯉ｿｽ�ｽJ�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ�ｽ�ｽQ�ｽﾆゑｿｽ�ｽﾄ適�ｽﾘな対搾ｿｽ�ｽ�ｽ�ｽ�ｽ{�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
�ｽ}�ｽC�ｽN�ｽ�ｽ�ｽ\�ｽt�ｽg Security Update Guide : CVE-2019-0708 \| Remote Desktop Services Remote Code Execution Vulnerability �ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽX�ｽV�ｽv�ｽ�ｽ�ｽO�ｽ�ｽ�ｽ�ｽ�ｽK�ｽC�ｽh : CVE-2019-0708 \| �ｽ�ｽ�ｽ�ｽ�ｽ[�ｽg �ｽf�ｽX�ｽN�ｽg�ｽb�ｽv �ｽT�ｽ[�ｽr�ｽX�ｽﾌ�ｿｽ�ｽ�ｽ�ｽ[�ｽg�ｽﾅコ�ｽ[�ｽh�ｽ�ｽ�ｽ�ｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽﾆ弱性
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?
�ｽ�ｽ�ｽ�ｽﾏみ�ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ使�ｽp(CWE-416) [NVD�ｽ]�ｽ�ｽ] �ｽ�ｽ�ｽ�ｽﾏみ�ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ使�ｽp(CWE-416) [�ｽ�ｽ�ｽﾌ托ｿｽ]
�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2019-0708
�ｽQ�ｽl�ｽ�ｽ�ｽ
National Vulnerability Database (NVD) : CVE-2019-0708 IPA �ｽd�ｽv�ｽﾈセ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : Microsoft �ｽ�ｽ�ｽi�ｽﾌ脆弱性�ｽﾎ搾ｿｽﾉつゑｿｽ�ｽ�ｽ(2019�ｽN5�ｽ�ｽ) JPCERT �ｽ�ｽ�ｽﾓ奇ｿｽ�ｽN : JPCERT-AT-2019-0023 CISA Known Exploited Vulnerabilities Catalog : CVE-2019-0708 ICS-CERT ADVISORY : ICSMA-20-049-01
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2019�ｽN05�ｽ�ｽ20�ｽ�ｽ] �ｽf�ｽ�ｽ [2020�ｽN02�ｽ�ｽ21�ｽ�ｽ] �ｽQ�ｽl�ｽ�ｽ�ｽFICS-CERT ADVISORY (ICSMA-20-049-01) �ｽ�ｽﾇ会ｿｽ


�ｽ�ｽ�ｽ\�ｽ�ｽ	2019/05/14
�ｽo�ｽ^�ｽ�ｽ	2019/05/20
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2020/02/21