[Vulnerability Alert] Microsoft MSHTML Remote Code Execution 0-day Risk Advisory

Published by: Li Xuejiao    Published: 2021-09-09

Microsoft MSHTML Remote Code Execution 0-day Risk Advisory:

 

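[Vulnerability Announcement]

On September 7, 2021, Microsoft published a security advisory stating that the Microsoft MSHTML engine contains a remote code execution vulnerability, tracked as CVE-2021-40444. The vulnerability mainly affects users who have ActiveX controls enabled; under certain conditions it allows remote code execution, letting an attacker take control of the user's machine.

Reference link: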

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

 

[Affected Versions]

CVE-2021-40444 mainly affects the following Windows versions:

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

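[Vulnerability Description]

CVE-2021-40444: The Microsoft MSHTML engine contains a code execution vulnerability. An attacker crafts an Office document containing a malicious ActiveX control and lures the user into opening it, thereby achieving remote code execution. When ActiveX controls are enabled on the user's host, the attacker can use this vulnerability to take control of the victim's machine.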

 

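[Mitigation]

High risk: although some details of the vulnerability have not yet been made public, in-the-wild exploitation has already been observed. Users who have ActiveX controls enabled should take protective measures as soon as possible.

Microsoft has not yet released a security patch for this vulnerability, but it can be mitigated by disabling ActiveX controls, as follows:

1. Copy the following content into a text file and save it with the .reg file extension.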

    Windows Registry Editor Version 5.00

    ; 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX controls
    ; dword:00000003 = disable
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    "1001"=dword:00000003
    "1004"=dword:00000003

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
    "1001"=dword:00000003
    "1004"=dword:00000003

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
    "1001"=dword:00000003
    "1004"=dword:00000003

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    "1001"=dword:00000003
    "1004"=dword:00000003

2. Double-click the .reg file to apply the configuration, then restart the computer.
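
To confirm that the registry change actually took effect on a host, the following added example (not part of the original advisory) reads the same four zone policy keys and reports whether values 1001 and 1004 are set to 3. It assumes PowerShell 3.0 or later; the function name Test-ActiveXMitigation is hypothetical.

```powershell
# Added example: audit the ActiveX-download mitigation described in this advisory.
# The policy path, zones 0-3 and value names 1001/1004 come from the .reg file above.
$base  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = 0..3              # the four zones listed in the advisory
$names = '1001', '1004'    # download signed / unsigned ActiveX controls
$want  = 3                 # 3 = disable

function Test-ActiveXMitigation {
    foreach ($zone in $zones) {
        $key   = Join-Path $base $zone
        $props = $null
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        }
        foreach ($name in $names) {
            # A missing key or missing value means the policy is not enforced for this zone.
            $actual = $null
            if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
                $actual = $props.$name
            }
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Actual    = if ($null -eq $actual) { '<not set>' } else { $actual }
                Compliant = ($actual -eq $want)
            }
        }
    }
}

$report = @(Test-ActiveXMitigation)
$report | Format-Table -AutoSize

if ($report.Compliant -contains $false) {
    Write-Warning 'Mitigation incomplete: 1001/1004 are not set to 3 by policy in every zone.'
} else {
    Write-Output 'Zones 0-3 all have 1001 and 1004 set to 3 (disabled) by policy.'
}
```

The check only reads the registry, so it can run without elevation on each host where the .reg file was deployed.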