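【Vulnerability Alert】Microsoft October Security Update Patches and Risk Notice for Multiple High-Risk Vulnerabilities

Published by: System Administrator. Published: 2021-10-14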


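【Vulnerability Announcement】

On October 12, 2021, Microsoft released its October security update announcement, containing security update patches for multiple Microsoft products, including Microsoft Exchange Server, Microsoft Office, Microsoft Edge, Windows Hyper-V and Visual Studio, and covering 81 security vulnerabilities. Among them are 3 critical and multiple high-risk vulnerabilities. Affected users should apply the corresponding patches promptly to fix the vulnerabilities. Reference link: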

https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct

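According to the announcement, the following vulnerabilities fixed in this update carry relatively high risk: the Microsoft Exchange Server remote code execution vulnerability (CVE-2021-26427), the Microsoft Word remote code execution vulnerability (CVE-2021-40486), the Windows Hyper-V remote code execution vulnerabilities (CVE-2021-38672, CVE-2021-40461), the Windows DNS Server remote code execution vulnerability (CVE-2021-40469), and the Microsoft Win32k elevation of privilege vulnerabilities (CVE-2021-40449, CVE-2021-41357). It is recommended to install the security update patches as soon as possible or to apply temporary mitigations to harden systems. Reference link: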

https://msrc.microsoft.com/update-guide/vulnerability/

 

【Affected Scope】

CVE-2021-26427 Microsoft Exchange Server Remote Code Execution Vulnerability:

Microsoft Exchange Server 2019 Cumulative Update 11

Microsoft Exchange Server 2019 Cumulative Update 10

Microsoft Exchange Server 2016 Cumulative Update 22

Microsoft Exchange Server 2016 Cumulative Update 21

Microsoft Exchange Server 2013 Cumulative Update 23

CVE-2021-40486 Microsoft Word Remote Code Execution Vulnerability:

Microsoft Word 2016 (64-bit edition)

Microsoft Word 2016 (32-bit edition)

Microsoft Word 2013 Service Pack 1 (64-bit editions)

Microsoft Word 2013 Service Pack 1 (32-bit editions)

Microsoft Word 2013 RT Service Pack 1

Microsoft SharePoint Server 2019

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Enterprise Server 2013 Service Pack 1

Microsoft Office Web Apps Server 2013 Service Pack 1

Microsoft Office Online Server

Microsoft Office 2019 for 64-bit editions

Microsoft Office 2019 for 32-bit editions

CVE-2021-38672 Windows Hyper-V Remote Code Execution Vulnerability:

Windows 11 for x64-based Systems

Windows Server 2022

Windows Server 2022 (Server Core installation)

CVE-2021-40461 Windows Hyper-V Remote Code Execution Vulnerability:

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 11 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

CVE-2021-40469 Windows DNS Server Remote Code Execution Vulnerability:

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

CVE-2021-41357 Win32k Elevation of Privilege Vulnerability:

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

CVE-2021-40449 Win32k Elevation of Privilege Vulnerability:

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

October security bulletin list: a quick-reading guide to the other vulnerabilities it contains (not exhaustive):

https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct

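CVE-2021-26427|Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2021-26441|Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-37974|Chromium: CVE-2021-37974 Use after free in Safe Browsing

CVE-2021-37975|Chromium: CVE-2021-37975 Use after free in V8

CVE-2021-37976|Chromium: CVE-2021-37976 Information leak in core

CVE-2021-38662|Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVE-2021-38663|Windows exFAT File System Information Disclosure Vulnerability

CVE-2021-38672|Windows Hyper-V Remote Code Execution Vulnerability

CVE-2021-40454|Rich Text Edit Control Information Disclosure Vulnerability

CVE-2021-40456|Windows AD FS Security Feature Bypass Vulnerability

CVE-2021-40457|Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

CVE-2021-40460|Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

CVE-2021-40468|Windows Bind Filter Driver Information Disclosure Vulnerability

CVE-2021-40469|Windows DNS Server Remote Code Execution Vulnerability

CVE-2021-40471|Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40472|Microsoft Excel Information Disclosure Vulnerability

CVE-2021-40473|Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40474|Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40475|Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability

CVE-2021-40479|Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40480|Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2021-40481|Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2021-40482|Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2021-40485|Microsoft Excel Remote Code Execution Vulnerability

CVE-2021-40486|Microsoft Word Remote Code Execution Vulnerability

CVE-2021-40487|Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2021-40488|Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-40489|Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-41332|Windows Print Spooler Information Disclosure Vulnerability

CVE-2021-41336|Windows Kernel Information Disclosure Vulnerability

CVE-2021-41337|Active Directory Security Feature Bypass Vulnerability

CVE-2021-41342|Windows MSHTML Platform Remote Code Execution Vulnerability

CVE-2021-41343|Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVE-2021-41352|SCOM Information Disclosure Vulnerability

CVE-2021-41355|.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-41361|Active Directory Federation Server Spoofing Vulnerability

CVE-2021-41363|Intune Management Extension Security Feature Bypass Vulnerability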

 

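【Vulnerability Description】

CVE-2021-26427, Microsoft Exchange Server remote code execution vulnerability: at the protocol level, attacks against this vulnerability are limited to a logically adjacent network topology. An attacker can use the vulnerability to attack a target Exchange server, and successful exploitation allows arbitrary code execution on that server.

CVE-2021-40486, Microsoft Word remote code execution vulnerability: this vulnerability allows an attacker to execute code remotely on the target host. Exploitation requires user interaction and no privileges. Note that the Preview Pane is one of the attack vectors.

CVE-2021-38672 and CVE-2021-40461, Windows Hyper-V remote code execution vulnerabilities: a low-privileged attacker on a logically adjacent network can exploit these vulnerabilities by sending a specially crafted request and execute arbitrary code on the target system. Exploitation requires no user interaction, but the attack complexity is high, and Microsoft's exploitability assessment rates it "Exploitation Less Likely".

CVE-2021-40469, Windows DNS Server remote code execution vulnerability: this vulnerability can be exploited remotely without user interaction; the attack complexity is low and the privileges required are high. It is exploitable only when the server is configured as a DNS server. Microsoft's exploitability assessment rates it "Exploitation Less Likely".

CVE-2021-40449 and CVE-2021-41357, Microsoft Win32k elevation of privilege vulnerabilities: CVE-2021-40449 is currently exploited in the wild. The vulnerability allows a low-privileged attacker to elevate privileges on the target host without user interaction, and it is exploited locally.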

 

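【Mitigation】

High risk: although the vulnerability details have not been published, malicious attackers can locate the trigger point by patch diffing and go on to develop exploit code. Microsoft has released the relevant security updates; given the severity of the vulnerabilities, affected users are advised to fix them as soon as possible.

(1) Windows automatic update:

Microsoft Update is enabled by default. When the system detects an available update, it downloads the update automatically and installs it at the next startup.

Manual update:

1. Click the "Start menu" or press the Windows key, then open "Settings".

2. Select "Update & Security" and go to "Windows Update" (on Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, "Windows Update" can be reached through Control Panel: "Control Panel" -> "System and Security" -> "Windows Update").

3. Select "Check for updates" and wait for the system to check for and download the available updates automatically.

4. Restart the computer to install the updates. After the system restarts, go to "Windows Update" -> "View update history" to check whether the updates were installed successfully.

(2) Microsoft has released patches for its supported products that fix the vulnerabilities above. Refer to the official advisory and download the update patches promptly.

Patch download: https://msrc.microsoft.com/update-guide/vulnerability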
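
The update-history check from step 4, combined with the role conditions given in the vulnerability descriptions, as an added PowerShell example (not part of the original advisory). The cutoff date is the release date stated above; the function name `Get-OctoberPatchStatus` is hypothetical, and the script assumes it is run locally on the Windows host being checked.

```powershell
# Added example, not from the original advisory.
# Release date taken from the advisory text (October 12, 2021).
$ReleaseDate = Get-Date '2021-10-12'

function Get-OctoberPatchStatus {   # hypothetical helper name
    # Operating-system updates installed on or after the release date.
    # InstalledOn can be empty for some entries, so guard against $null.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate } |
        Sort-Object InstalledOn

    # Roles that decide whether the role-dependent CVEs apply to this host:
    # DNS Server role  -> CVE-2021-40469
    # Hyper-V role     -> CVE-2021-38672, CVE-2021-40461
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        # Server SKUs: query the installed roles directly.
        $dns    = [bool](Get-WindowsFeature -Name 'DNS').Installed
        $hyperv = [bool](Get-WindowsFeature -Name 'Hyper-V').Installed
    } else {
        # Client SKUs have no Get-WindowsFeature; fall back to the presence
        # of the DNS Server and Hyper-V management services.
        $dns    = [bool](Get-Service -Name 'DNS'  -ErrorAction SilentlyContinue)
        $hyperv = [bool](Get-Service -Name 'vmms' -ErrorAction SilentlyContinue)
    }

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OS               = $os.Caption
        OSVersion        = $os.Version
        DnsRolePresent   = $dns
        HyperVPresent    = $hyperv
        UpdatesSinceDate = @($recent | ForEach-Object { $_.HotFixID })
        # No OS update since the release date: confirm in update history.
        NeedsReview      = (@($recent).Count -eq 0)
    }
}

Get-OctoberPatchStatus | Format-List
```

`Get-HotFix` lists only operating-system updates delivered through Component Based Servicing, so Exchange Server and Office patch levels must be confirmed separately, and an entry in `UpdatesSinceDate` shows that some update was installed after the release date, not which CVE it fixes.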