【Vulnerability Advisory】
Microsoft has released its May security update advisory, which contains security patches for multiple products in the Microsoft family, including Microsoft Windows, Microsoft Office, .NET Framework, Hyper-V and others, fixing multiple CVEs. Affected users should apply the corresponding patches promptly. Reference:
https://msrc.microsoft.com/update-guide/releaseNote/2022-May
According to the advisory, the following vulnerabilities fixed in this update carry a high risk: Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-22017), Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVE-2022-23270), Windows ALPC Elevation of Privilege Vulnerability (CVE-2022-23279), Windows Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923), Windows LSA Spoofing Vulnerability (CVE-2022-26925) and Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937). Install the security updates as soon as possible, or apply the temporary mitigations to harden affected systems. Reference:
https://msrc.microsoft.com/update-guide/vulnerability/
【Affected Scope】
Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-22017):
Remote Desktop client for Windows Desktop
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVE-2022-23270):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows ALPC Elevation of Privilege Vulnerability (CVE-2022-23279):
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows LSA Spoofing Vulnerability (CVE-2022-26925):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937):
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)
May security advisory list, quick-reference guide to the other vulnerabilities included (not exhaustive):
https://msrc.microsoft.com/update-guide/releaseNote/2022-May
CVE-2022-29145 / .NET and Visual Studio Denial of Service Vulnerability
CVE-2022-23267 / .NET and Visual Studio Denial of Service Vulnerability
CVE-2022-29117 / .NET and Visual Studio Denial of Service Vulnerability
CVE-2022-30130 / .NET Framework Denial of Service Vulnerability
CVE-2022-21978 / Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-22011 / Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-26934 / Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-26927 / Windows Graphics Component Remote Code Execution Vulnerability
CVE-2022-29112 / Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-26925 / Windows LSA Spoofing Vulnerability
CVE-2022-29107 / Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-29110 / Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29109 / Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29108 / Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-23279 / Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-26940 / Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-22017 / Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-29115 / Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-22713 / Windows Hyper-V Denial of Service Vulnerability
CVE-2022-24466 / Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2022-29106 / Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2022-29972 / Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
CVE-2022-30129 / Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-26923 / Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-26926 / Windows Address Book Remote Code Execution Vulnerability
CVE-2022-26913 / Windows Authentication Security Feature Bypass Vulnerability
CVE-2022-29127 / BitLocker Security Feature Bypass Vulnerability
CVE-2022-29150 / Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
CVE-2022-29138 / Windows Cluster Shared Volume Elevation of Privilege Vulnerability
CVE-2022-29123 / Windows Cluster Shared Volume Information Disclosure Vulnerability
CVE-2022-29134 / Windows Cluster Shared Volume Information Disclosure Vulnerability
CVE-2022-29122 / Windows Cluster Shared Volume Information Disclosure Vulnerability
CVE-2022-29135 / Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
CVE-2022-29151 / Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability
CVE-2022-29120 / Windows Cluster Shared Volume Information Disclosure Vulnerability
CVE-2022-29102 / Windows Failover Cluster Information Disclosure Vulnerability
CVE-2022-26931 / Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-29116 / Windows Kernel Information Disclosure Vulnerability
CVE-2022-29142 / Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-29133 / Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-29137 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29130 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22012 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29128 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22014 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22013 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29141 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29129 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-29139 / Windows LDAP Remote Code Execution Vulnerability
CVE-2022-22016 / Windows PlayToManager Elevation of Privilege Vulnerability
CVE-2022-29113 / Windows Digital Media Receiver Elevation of Privilege Vulnerability
CVE-2022-29105 / Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2022-26937 / Windows Network File System Remote Code Execution Vulnerability
CVE-2022-26933 / Windows NTFS Information Disclosure Vulnerability
CVE-2022-23270 / Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-21972 / Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-29114 / Windows Print Spooler Information Disclosure Vulnerability
CVE-2022-29140 / Windows Print Spooler Information Disclosure Vulnerability
CVE-2022-29104 / Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-29132 / Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-29125 / Windows Push Notifications Apps Elevation of Privilege Vulnerability
CVE-2022-29103 / Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-26930 / Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2022-22015 / Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2022-22019 / Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-26936 / Windows Server Service Information Disclosure Vulnerability
CVE-2022-29121 / Windows WLAN AutoConfig Service Denial of Service Vulnerability
CVE-2022-26935 / Windows WLAN AutoConfig Service Information Disclosure Vulnerability
【Vulnerability Description】
Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2022-22017):
Details public | PoC status | Exploit status | Exploited in the wild |
No | Unknown | Unknown | Unknown |
When an affected Remote Desktop client connects to a malicious RDP server controlled by an attacker, the malicious server can execute arbitrary code on the system of the affected Remote Desktop client.
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVE-2022-23270):
Details public | PoC status | Exploit status | Exploited in the wild |
No | Unknown | Unknown | Unknown |
An unauthenticated attacker can send a specially crafted connection request to a RAS server, which could lead to remote code execution on the RAS server machine. Triggering this vulnerability requires the attacker to win a race condition.
Windows ALPC Elevation of Privilege Vulnerability (CVE-2022-23279):
Details public | PoC status | Exploit status | Exploited in the wild |
No | Unknown | Unknown | Unknown |
Windows Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2022-26923):
Details public | PoC status | Exploit status | Exploited in the wild |
No | Unknown | Unknown | Unknown |
This vulnerability allows an authenticated user to manipulate attributes of computer accounts they own or manage, and to obtain from Active Directory Certificate Services a certificate that permits elevation of privilege.
Windows LSA Spoofing Vulnerability (CVE-2022-26925):
Details public | PoC status | Exploit status | Exploited in the wild |
No | Unknown | Unknown | Yes |
This vulnerability allows an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller into authenticating to the attacker using NTLM.
Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937):
Details public | PoC status | Exploit status | Exploited in the wild |
No | Unknown | Unknown | Unknown |
This vulnerability allows an attacker to trigger remote code execution through unauthenticated, specially crafted calls to the Network File System (NFS) service.
【Mitigations】
High risk: the vulnerability details have not yet been made public, but malicious attackers can locate the trigger point by patch diffing and go on to develop exploit code. Microsoft has already released the corresponding security updates; given the severity of the vulnerabilities, affected users are advised to patch as soon as possible. 安恒信息 (DBAPPSecurity) will add the corresponding attack detection and protection capabilities in routine product updates.
(1) Windows Update:
Automatic update:
Manual update:
1. Click the Start menu or press the Windows key, then open Settings.
2. Select "Update & Security" and go to "Windows Update" (on Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows Update is reached through Control Panel: "Control Panel" -> "System and Security" -> "Windows Update").
3. Select "Check for updates"; the system will automatically check for and download the available updates.
4. Restart the computer to install the updates. After the system restarts, open "Windows Update" -> "View update history" to confirm that the updates were installed successfully.
(2) Microsoft has released update patches for supported products that fix the vulnerabilities above; refer to the official advisory and download the updates promptly. Patch download:
https://msrc.microsoft.com/update-guide/vulnerability
Temporary mitigation for Windows Network File System Remote Code Execution Vulnerability (CVE-2022-26937):
This vulnerability is not exploitable in NFSV4.1. Before updating to a Windows version that protects against it, you can mitigate attacks by disabling NFSV2 and NFSV3.
The following PowerShell command disables the affected NFS versions:
PS C:\> Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false
After disabling them, the NFS server must be restarted or the machine rebooted. To restart the NFS service:
nfsadmin server stop
nfsadmin server start
To confirm that NFSv2 and NFSv3 are disabled, run the following command in a PowerShell window:
PS C:\> Get-NfsServerConfiguration
In the output, EnableNFSv2 and EnableNFSv3 showing False indicates that those NFS versions are disabled.
To re-enable NFSv2/v3 after patching, enter the following command:
PS C:\> Set-NfsServerConfiguration -EnableNFSV2 $True -EnableNFSV3 $True
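The workaround above, wrapped into one script that records the state before the change, applies it (or rolls it back with -Rollback once the update is installed), restarts the NFS server and verifies the result. This is an added example, not part of the advisory or a Microsoft script; it assumes the NFS-Server role and its PowerShell module are installed and that the session is elevated.

```powershell
# Added example: apply, verify or roll back the NFSv2/NFSv3 workaround for
# CVE-2022-26937. Assumes the NFS-Server role is installed and an elevated shell.
param(
    [switch]$Rollback   # re-enable v2/v3 after the May 2022 update is installed
)

$ErrorActionPreference = 'Stop'

# Hosts without the NFS server cmdlets are not NFS servers and need no workaround.
if (-not (Get-Command Set-NfsServerConfiguration -ErrorAction SilentlyContinue)) {
    Write-Output 'NFS server cmdlets not found; this host is not an NFS server.'
    return
}

# Record the state before the change so the action can be audited later.
$before = Get-NfsServerConfiguration
Write-Output ("Before: EnableNFSv2={0} EnableNFSv3={1} EnableNFSv4={2}" -f
    $before.EnableNFSv2, $before.EnableNFSv3, $before.EnableNFSv4)

if ($Rollback) {
    Set-NfsServerConfiguration -EnableNFSV2 $true -EnableNFSV3 $true
} else {
    # Only NFSv4.1 is unaffected, so turn off v2 and v3 as the advisory describes.
    Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false
}

# The change only takes effect once the NFS server is restarted.
nfsadmin server stop
nfsadmin server start

# Verify the resulting state and fail loudly if it does not match the intent.
$after    = Get-NfsServerConfiguration
$expected = [bool]$Rollback
if (($after.EnableNFSv2 -ne $expected) -or ($after.EnableNFSv3 -ne $expected)) {
    throw "NFS configuration did not apply: v2=$($after.EnableNFSv2) v3=$($after.EnableNFSv3)"
}
Write-Output ("After: EnableNFSv2={0} EnableNFSv3={1}" -f $after.EnableNFSv2, $after.EnableNFSv3)
```

Clients that only speak NFSv2 or NFSv3 lose access while the workaround is in place, so inventory them before applying it and run the script with -Rollback only after the update is confirmed installed.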