【漏洞预警】微软7月安全更新补丁和多个高危漏洞风险提示

发布者:李雪娇发布时间:2022-07-21浏览次数:1447


【漏洞公告】

微软官方发布了7月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Windows IISWindows KernelWindows Active DirectoryMicrosoft OfficeMicrosoft Edge (Chromium-based)等多个CVE安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。相关链接参考

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul

根据公告,此次更新中修复的Windows CSRSS 特权提升漏洞(CVE-2022-22047)、Windows 图形组件特权提升漏洞(CVE-2022-22034)、Windows 高级本地过程调用特权提升漏洞(CVE-2022-30202)、活动目录联合身份验证服务特权提升漏洞(CVE-2022-30215)、Windows Server 服务篡改漏洞(CVE-2022-30216)、Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2022-30220)风险较大,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。相关链接参考:

https://msrc.microsoft.com/update-guide/vulnerability/

 

【影响范围】

Windows CSRSS 特权提升漏洞(CVE-2022-22047

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

Windows 图形组件特权提升漏洞(CVE-2022-22034

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

Windows 高级本地过程调用特权提升漏洞(CVE-2022-30202

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

活动目录联合身份验证服务特权提升漏洞(CVE-2022-30215

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

 

Windows Server 服务篡改漏洞(CVE-2022-30216

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

 

Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2022-30220

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

7月安全公告列表,包含的其他漏洞快速阅读指引(非全部):

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul

CVE-2022-33661|Azure Site Recovery 特权提升漏洞

CVE-2022-33674|Azure Site Recovery 特权提升漏洞

CVE-2022-33673|Azure Site Recovery 特权提升漏洞

CVE-2022-33650|Azure Site Recovery 特权提升漏洞

CVE-2022-33662|Azure Site Recovery 特权提升漏洞

CVE-2022-33672|Azure Site Recovery 特权提升漏洞

CVE-2022-33671|Azure Site Recovery 特权提升漏洞

CVE-2022-33669|Azure Site Recovery 特权提升漏洞

CVE-2022-33663|Azure Site Recovery 特权提升漏洞

CVE-2022-33664|Azure Site Recovery 特权提升漏洞

CVE-2022-33660|Azure Site Recovery 特权提升漏洞

CVE-2022-33668|Azure Site Recovery 特权提升漏洞

CVE-2022-33667|Azure Site Recovery 特权提升漏洞

CVE-2022-33675|Azure Site Recovery 特权提升漏洞

CVE-2022-33651|Azure Site Recovery 特权提升漏洞

CVE-2022-33652|Azure Site Recovery 特权提升漏洞

CVE-2022-33653|Azure Site Recovery 特权提升漏洞

CVE-2022-33659|Azure Site Recovery 特权提升漏洞

CVE-2022-30181|Azure Site Recovery 特权提升漏洞

CVE-2022-33641|Azure Site Recovery 特权提升漏洞

CVE-2022-33642|Azure Site Recovery 特权提升漏洞

CVE-2022-33643|Azure Site Recovery 特权提升漏洞

CVE-2022-33665|Azure Site Recovery 特权提升漏洞

CVE-2022-33658|Azure Site Recovery 特权提升漏洞

CVE-2022-33666|Azure Site Recovery 特权提升漏洞

CVE-2022-33656|Azure Site Recovery 特权提升漏洞

CVE-2022-33678|Azure Site Recovery 远程代码执行漏洞

CVE-2022-33677|Azure Site Recovery 特权提升漏洞

CVE-2022-33655|Azure Site Recovery 特权提升漏洞

CVE-2022-33676|Azure Site Recovery 远程代码执行漏洞

CVE-2022-33654|Azure Site Recovery 特权提升漏洞

CVE-2022-33657|Azure Site Recovery 特权提升漏洞

CVE-2022-30187|Azure 存储库信息泄露漏洞

CVE-2022-33637|Microsoft Defender 端点篡改漏洞

CVE-2022-30213|Windows GDI+ 信息泄露漏洞

CVE-2022-30221|Windows 图形组件远程代码执行漏洞

CVE-2022-22034|Windows 图形组件特权提升漏洞

CVE-2022-33632|Microsoft Office 安全功能绕过漏洞

CVE-2022-30214|Windows DNS 服务器远程执行代码漏洞

CVE-2022-22024|Windows 传真服务远程代码执行漏洞

CVE-2022-22027|Windows 传真服务远程代码执行漏洞

CVE-2022-30223|Windows Hyper-V 信息泄露漏洞

CVE-2022-22042|Windows Hyper-V 信息泄露漏洞

CVE-2022-33633|Skype for Business  Lync 远程代码执行漏洞

CVE-2022-30215|活动目录联合身份验证服务特权提升漏洞

CVE-2022-30202|Windows 高级本地过程调用特权提升漏洞

CVE-2022-30224|Windows 高级本地过程调用特权提升漏洞

CVE-2022-22037|Windows 高级本地过程调用特权提升漏洞

CVE-2022-22048|BitLocker 安全功能绕过漏洞

CVE-2022-22711|Windows BitLocker 信息泄露漏洞

CVE-2022-30203|Windows 启动管理器安全功能绕过漏洞

CVE-2022-22049|Windows CSRSS 特权提升

CVE-2022-22026|Windows CSRSS 特权提升

CVE-2022-22047|Windows CSRSS 特权提升

CVE-2022-30212|Windows 连接设备平台服务信息泄露漏洞

CVE-2022-22031|Windows Credential Guard 加入域的公钥提权漏洞

CVE-2022-22043|Windows 快速 FAT 文件系统驱动程序特权提升漏洞

CVE-2022-22050|Windows 传真服务特权提升漏洞

CVE-2022-30205|Windows 组策略特权提升漏洞

CVE-2022-22040|Internet 信息服务动态压缩模块拒绝服务漏洞

CVE-2022-30209|Windows IIS 服务器特权提升漏洞

CVE-2022-22025|Windows Internet Information Services Cachuri 模块拒绝服务漏洞

CVE-2022-21845|Windows 内核信息泄露漏洞

CVE-2022-22045|Windows.Devices.Picker.dll 特权提升漏洞

CVE-2022-30225|Windows Media Player 网络共享服务提权漏洞

CVE-2022-22039|Windows 网络文件系统远程代码执行漏洞

CVE-2022-22029|Windows 网络文件系统远程代码执行漏洞

CVE-2022-22028|Windows 网络文件系统信息泄露漏洞

CVE-2022-22036|Windows 特权提升漏洞的性能计数器

CVE-2022-30211|Windows  2 层隧道协议 (L2TP) 远程代码执行漏洞

CVE-2022-22023|Windows 便携式设备枚举器服务安全功能绕过漏洞

CVE-2022-30206|Windows 后台打印程序特权提升漏洞

CVE-2022-30226|Windows 后台打印程序特权提升漏洞

CVE-2022-22022|Windows 后台打印程序特权提升漏洞

CVE-2022-22041|Windows 后台打印程序特权提升漏洞

CVE-2022-22038|Windows 远程过程调用运行时远程代码执行漏洞

CVE-2022-30208|Windows 安全帐户管理器 (SAM) 拒绝服务漏洞

CVE-2022-30216|Windows Server 服务篡改漏洞

CVE-2022-30222|Windows Shell 远程代码执行漏洞

CVE-2022-30220|Windows 通用日志文件系统驱动程序特权提升漏洞

 

 

【漏洞描述】

Windows CSRSS 特权提升漏洞(CVE-2022-22047)

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

存在

Windows CSRSS模块中存在一处权限提升漏洞(CVE-2022-22047),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

Windows 图形组件特权提升漏洞(CVE-2022-22034)

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows图形组件中存在一处权限提升漏洞(CVE-2022-22034),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上提升至 SYSTEM 权限。

 

Windows 高级本地过程调用特权提升漏洞(CVE-2022-30202)

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows高级本地过程调用(ALPC)组件存在一处权限提升漏洞(CVE-2022-30202),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上提升至 SYSTEM 权限。

 

活动目录联合身份验证服务特权提升漏洞(CVE-2022-30215)

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows活动目录联合服务(ADFS)存在一处权限提升漏洞(CVE-2022-30215),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上提升至 SYSTEM 权限。

 

Windows Server 服务篡改漏洞(CVE-2022-30216)

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows Server服务中存在一处篡改漏洞(CVE-2022-30216),经过身份验证的攻击者可以远程将证书上传到服务器。

 

Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2022-30220)

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows通用日志文件系统(CLFS)模块存在一处权限提升漏洞(CVE-2022-30220),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上提升至 SYSTEM 权限。

 

【缓解措施】

高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。安恒信息将在产品的例行更新中加入相关攻击检测和防护能力。

(一)Windows 更新:

自动更新:

Microsoft Update默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。

手动更新:

1、点击开始菜单或按Windows快捷键,点击进入设置”2、选择更新和安全,进入“Windows更新Windows 8Windows 8.1Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入“Windows更新,具体步骤为控制面板”->“系统和安全”->“Windows更新

3、选择检查更新,等待系统将自动检查并下载可用更新。

4、重启计算机,安装更新系统重新启动后,可通过进入“Windows更新”->“查看更新历史记录查看是否成功安装了更新。

(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。

补丁获取:https://msrc.microsoft.com/update-guide/vulnerability