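Risk Advisory: Microsoft May Security Update Patches and the High-Risk HTTP Protocol Stack Remote Code Execution Vulnerability
【Vulnerability Announcement】
On May 12, 2021, Microsoft published its May security update announcement, which contains security update patches for multiple products in the Microsoft family, including: Windows operating systems, Exchange Server, .NET Core, Office, SharePoint Server, Hyper-V, and Visual Studio. Of these, 4 are critical vulnerabilities and 50 are high-risk vulnerabilities. Affected users should apply the corresponding patches promptly to fix the vulnerabilities. Related link for reference: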
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-May
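According to the announcement, CVE-2021-31166, the HTTP protocol stack remote code execution vulnerability in this update, requires neither authentication nor user interaction, and it is wormable, so its impact is very broad. Install the security update patch as soon as possible, or apply temporary mitigations to harden the system.
【Affected Scope】
CVE-2021-31166 HTTP protocol stack remote code execution vulnerability, related reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166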
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
CVE-2021-28476 Hyper-V remote code execution vulnerability, related reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 8.1 for x64-based systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1803 for x64-based Systems
CVE-2021-31181, CVE-2021-28474 Microsoft SharePoint remote code execution vulnerabilities, related reference:
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
CVE-2021-31188 Windows Graphics Component elevation of privilege vulnerability, related reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31188
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
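【Vulnerability Description】
According to analysis, CVE-2021-31166 is a remote code execution vulnerability in the HTTP protocol stack. An attacker can send specially crafted malicious packets to a target server that uses the HTTP protocol stack (HTTP.sys), resulting in arbitrary code execution.
According to analysis, CVE-2021-28476 is a Hyper-V remote code execution vulnerability. From a guest VM, an attacker can force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. The contents of the address that is read are not returned to the guest VM. In most cases, because an unmapped address is read, this results in a denial of service of the Hyper-V host. In some cases, successful exploitation allows arbitrary code execution on Hyper-V.
According to analysis, CVE-2021-31181 and CVE-2021-28474 are Microsoft SharePoint remote code execution vulnerabilities. An authenticated attacker with access to create a SharePoint site can exploit them to execute arbitrary code on the target system.
According to analysis, CVE-2021-31188 is a Windows Graphics Component elevation of privilege vulnerability. An authenticated local attacker can exploit it to execute arbitrary code in kernel mode with elevated privileges.
【Mitigation Measures】
High risk: although the vulnerability details have not yet been made public, malicious attackers can use patch diffing to work out where the vulnerability is triggered and then develop exploit code. Test the security update patches promptly and install them, and improve threat identification and vulnerability mitigation measures.
Microsoft has released patches that fix the above vulnerabilities for its supported products. Users should refer to the official advisories and download the update patches promptly.
Patch download: https://msrc.microsoft.com/update-guide/vulnerability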