微软9月安全更新补丁和多个高危漏洞风险提示:
【漏洞公告】
2021年9月15日,微软官方发布了9月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft Windows、Microsoft Office、Microsoft Edge、Visual Studio等86个安全漏洞。其中严重漏洞3个,高危漏洞62个。请相关用户及时更新对应补丁修复漏洞。相关链接参考:https://msrc.microsoft.com/update-guide/releaseNote/2021-Se
根据公告,此次更新中修复的Microsoft MSHTML 远程代码执行漏洞(CVE-2021-40444)、开放管理基础设施远程代码执行漏洞(CVE-2021-38647)、Windows WLAN AutoConfig 服务远程代码执行漏洞(CVE-2021-36965)、Windows 脚本引擎内存损坏漏洞(CVE-2021-26435)等风险较大,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。相关链接参考:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26435
【影响范围】
CVE-2021-40444 Microsoft MSHTML 远程代码执行漏洞:
影响范围:
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-38647 开放管理基础设施远程代码执行漏洞:
影响范围:
Azure Open Management Infrastructure
CVE-2021-36965 Windows WLAN AutoConfig 服务远程代码执行漏洞:
影响范围:
Windows Server 2016
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-26435 Windows 脚本引擎内存损坏漏洞:
影响范围:
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
9月安全公告列表,包含的其他漏洞(非全部)快速阅读指引:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep
CVE-2021-40444|Microsoft MSHTML 远程代码执行漏洞
CVE-2021-36968|Windows DNS 特权提升漏洞
CVE-2021-38647|开放管理基础设施远程代码执行漏洞
CVE-2021-26435|Windows 脚本引擎内存损坏漏洞
CVE-2021-36965|Windows WLAN AutoConfig 服务远程代码执行漏洞
CVE-2021-36956|Azure Sphere 信息泄露漏洞
CVE-2021-38632|BitLocker 安全功能绕过漏洞
CVE-2021-38661|HEVC 视频扩展远程代码执行漏洞
CVE-2021-40448|针对 Android 信息披露漏洞的 Microsoft Accessibility Insights
CVE-2021-40440|Microsoft Dynamics Business Central 跨站脚本漏洞
CVE-2021-26436|Microsoft Edge(基于 Chromium)提权漏洞
CVE-2021-36930|Microsoft Edge(基于 Chromium)提权漏洞
CVE-2021-38669|Microsoft Edge(基于 Chromium)篡改漏洞
CVE-2021-38641|Microsoft Edge for Android 欺骗漏洞
CVE-2021-38642|Microsoft Edge for iOS 欺骗漏洞
CVE-2021-38655|Microsoft Excel 远程代码执行漏洞
CVE-2021-38644|Microsoft MPEG-2 视频扩展远程代码执行漏洞
CVE-2021-38646|Microsoft Office Access 连接引擎远程代码执行漏洞
CVE-2021-38657|Microsoft Office 图形组件信息泄露漏洞
CVE-2021-38658|Microsoft Office Graphics 远程代码执行漏洞
CVE-2021-38660|Microsoft Office Graphics 远程代码执行漏洞
CVE-2021-38659|Microsoft Office 远程代码执行漏洞
CVE-2021-38650|Microsoft Office 欺骗漏洞
CVE-2021-38653|Microsoft Office Visio 远程代码执行漏洞
CVE-2021-38654|Microsoft Office Visio 远程代码执行漏洞
CVE-2021-38651|Microsoft SharePoint Server 欺骗漏洞
CVE-2021-38652|Microsoft SharePoint Server 欺骗漏洞
CVE-2021-38634|Microsoft Windows Update 客户端提权漏洞
CVE-2021-38656|Microsoft Word 远程代码执行漏洞
CVE-2021-38645|开放式管理基础架构提权漏洞
CVE-2021-38648|开放式管理基础架构提权漏洞
CVE-2021-38649|开放式管理基础架构提权漏洞
CVE-2021-26437|Visual Studio 代码欺骗漏洞
CVE-2021-26434|Visual Studio 提权漏洞
CVE-2021-36952|Visual Studio 远程代码执行漏洞
CVE-2021-36975|Win32k提权漏洞
CVE-2021-38639|Win32k提权漏洞
CVE-2021-38628|WinSock提权漏洞的Windows辅助功能驱动
CVE-2021-38638|WinSock提权漏洞的Windows辅助功能驱动
CVE-2021-38629|WinSock 信息泄露漏洞的 Windows 辅助功能驱动程序
CVE-2021-36959|Windows Authenticode 欺骗漏洞
CVE-2021-36954|Windows Bind Filter 驱动提权漏洞
CVE-2021-36963|Windows 通用日志文件系统驱动程序提权漏洞
CVE-2021-36955|Windows 通用日志文件系统驱动程序提权漏洞
CVE-2021-38633|Windows 通用日志文件系统驱动程序提权漏洞
CVE-2021-36964|Windows 事件跟踪特权提升漏洞
CVE-2021-38630|Windows 事件跟踪特权提升漏洞
CVE-2021-36961|Windows Installer 拒绝服务漏洞
CVE-2021-36962|Windows Installer 信息泄露漏洞
CVE-2021-38625|Windows 内核提权漏洞
CVE-2021-38626|Windows 内核提权漏洞
CVE-2021-38624|Windows 密钥存储提供程序安全功能绕过漏洞
CVE-2021-38667|Windows 打印后台处理程序特权提升漏洞
CVE-2021-38671|Windows 打印后台处理程序特权提升漏洞
CVE-2021-40447|Windows 打印后台处理程序特权提升漏洞
CVE-2021-36969|Windows 重定向驱动器缓冲子系统驱动程序信息泄露漏洞
CVE-2021-38635|Windows 重定向驱动器缓冲子系统驱动程序信息泄露漏洞
CVE-2021-38636|Windows 重定向驱动器缓冲子系统驱动程序信息泄露漏洞
CVE-2021-36973|Windows 重定向驱动器缓冲系统提权漏洞
CVE-2021-36974|Windows SMB 提权漏洞
CVE-2021-36960|Windows SMB 信息泄露漏洞
CVE-2021-36972|Windows SMB 信息泄露漏洞
CVE-2021-38637|Windows 存储信息泄露漏洞
CVE-2021-36967|Windows WLAN AutoConfig 服务提权漏洞
【漏洞描述】
CVE-2021-40444 Microsoft MSHTML 远程代码执行漏洞,攻击者通过精心制作包含恶意ActiveX的Offcie文档,诱导用户打开,从而实现远程代码执行。当用户主机启用了ActiveX控件,攻击者可通过该漏洞控制受害者主机。
CVE-2021-38647 开放管理基础设施远程代码执行漏洞,某些 Azure 产品(例如 Configuration Management)公开了侦听 OMI 的 HTTP/S 端口(通常为端口 5986 )。这种启用 HTTP/S 侦听器的配置可以允许远程代码执行。攻击者可以通过 HTTPS 将特制的消息发送到在易受攻击的系统上侦听 OMI 的端口。
CVE-2021-36965 Windows WLAN AutoConfig 服务远程代码执行漏洞,该漏洞允许网络相邻的攻击者在受影响的系统上以系统级别运行其代码。
CVE-2021-26435 Windows 脚本引擎内存损坏漏洞,在电子邮件攻击情形中,攻击者可能通过向用户发送经特殊设计的文件并诱使用户打开该文件以利用此漏洞,基于Web 的攻击情形中,攻击者可能托管一个网站(或利用一个遭到入侵的网站来接受或托管用户提供的内容),其中包含一个经特殊设计的文件诱导用户点击链接远程执行代码。
【缓解措施】
高危:目前MSHTML远程代码执行漏洞利用代码已经公开,其他漏洞细节虽暂未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,建议及时测试安全更新补丁并应用安装和完善威胁识别、漏洞缓解措施。
目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。
补丁获取:https://msrc.microsoft.com/update-guide/vulnerability