【漏洞预警】微软8月安全更新补丁和多个高危漏洞风险
发布人: 李雪娇 发布时间: 2021-08-11 作者: 访问次数: 274

微软8月安全更新补丁和多个高危漏洞风险提示:

 

【漏洞公告】

2021810日,微软官方发布了8月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft WindowsDynamicsOffice.net Visual Studio44个安全漏洞。其中严重漏洞7个,高危漏洞37个。请相关用户及时更新对应补丁修复漏洞。相关链接参考:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug

根据公告,此次更新中修复的NFS ONCRPC XDR 驱动的Windows 服务远程代码执行漏洞(CVE-2021-26432)、远程桌面客户端远程代码执行漏洞(CVE-2021-34535)、Windows Print Spooler远程代码执行漏洞(CVE-2021-36936)、Windows LSA 欺骗漏洞(CVE-2021-36942)、Windows Update Medic 服务提权漏洞(CVE-2021-36948)、Windows TCP/IP 远程代码执行漏洞(CVE-2021-26424),风险较大,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。相关链接参考:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26424

 

【影响范围】

CVE-2021-26432 NFS ONCRPC XDR驱动的Windows 服务远程代码执行漏洞:

影响范围:

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016  (Server Core installation)

Windows Server 2016

 

CVE-2021-34535 远程桌面客户端远程代码执行漏洞:

影响范围:

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Remote Desktop client for Windows Desktop

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows Server 2012 R2

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

CVE-2021-36936 Windows Print Spooler远程代码执行漏洞:

影响范围:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

 

CVE-2021-36942 Windows LSA 欺骗漏洞:

影响范围:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server, version 2004 (Server Core installation)

Windows Server 2019  (Server Core installation)

Windows Server 2019

 

CVE-2021-36948 Windows Update Medic 服务提权漏洞:

影响范围:

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

CVE-2021-26424 Windows TCP/IP 远程代码执行漏洞:

影响范围:

Windows 7 for x64-based Systems Service Pack 1

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

 

8月安全公告列表,包含的其他漏洞(非全部)快速阅读指引:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug

CVE-2021-26428|Azure Sphere 信息泄露漏洞

CVE-2021-26429|Azure Sphere 特权提升漏洞

CVE-2021-26430|Azure Sphere 拒绝服务漏洞

CVE-2021-26433|NFS ONCRPC XDR Driver Windows 服务信息泄露漏洞

CVE-2021-34478|Microsoft Office 远程代码执行漏洞

CVE-2021-34485|.NET Core Visual Studio 信息泄露漏洞

CVE-2021-34532|ASP.NET Core Visual Studio 信息泄露漏洞

CVE-2021-36926|NFS ONCRPC XDR Driver Windows 服务信息泄露漏洞

CVE-2021-36932|NFS ONCRPC XDR Driver Windows 服务信息泄露漏洞

CVE-2021-36933|NFS ONCRPC XDR Driver Windows 服务信息泄露漏洞

CVE-2021-36938|Windows Cryptographic Primitives Library 信息泄漏漏洞

CVE-2021-36941|Microsoft Word 远程代码执行漏洞

CVE-2021-36949|Microsoft Azure Active Directory Connect 身份验证绕过漏洞

 

【漏洞描述】

CVE-2021-26432 NFS ONCRPC XDR驱动的Windows 服务远程代码执行漏洞:

NFS ONCRPC XDR驱动存在漏洞,未经身份验证的攻击者可远程利用该漏洞在目标主机上执行任意代码,可导致目标主机被攻击者控制。

 

CVE-2021-34535 远程桌面客户端远程代码执行漏洞:

该漏洞仅影响RDP客户端,当攻击者控制RDP服务器时可利用该漏洞通过远程桌面客户端在客户计算机上触发远程代码执行,造成客户端机器被入侵。

 

CVE-2021-36936  Windows Print Spooler远程代码执行漏洞:

Windows 打印后台处理程序存在远程代码执行漏洞,具备低权限的攻击者利用该漏洞可在目标主机远程执行任意代码,可导致目标主机被攻击者控制

 

CVE-2021-36942 Windows LSA 欺骗漏洞:

该漏洞允许攻击者调用LSARPC接口的方法,使域控用NTLM对另一个服务器进行身份验证,该利用过程无需用户交互

 

CVE-2021-36948 Windows Update Medic 服务提权漏洞:

Windows Update Medic存在权限提升漏洞,攻击者需要登录受影响的系统并运行特制的程序来提升权限

 

CVE-2021-26424 Windows TCP/IP 远程代码执行漏洞:

Windows TCP/IP 存在远程代码执行漏洞,攻击者可通过发送ipv6 ping触发此漏洞,可在目标系统执行任意代码

 

【缓解措施】

高危:目前部分漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,建议及时测试安全更新补丁并应用安装和完善威胁识别、漏洞缓解措施。

目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。

补丁获取:https://msrc.microsoft.com/update-guide/vulnerability