【Vulnerability Alert】 Microsoft MSHTML Remote Code Execution 0-day Risk Notice
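【Vulnerability Announcement】 On September 7, 2021, Microsoft published a security advisory stating that the Microsoft MSHTML engine contains a remote code execution vulnerability, tracked as CVE-2021-40444. The vulnerability mainly affects users who have ActiveX controls enabled. Under certain conditions it allows remote code execution, which lets an attacker take control of the user's machine.
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444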
【Affected Versions】 CVE-2021-40444 mainly affects the following Windows versions:
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
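【Vulnerability Description】 CVE-2021-40444: The Microsoft MSHTML engine contains a code execution vulnerability. An attacker crafts an Office document containing a malicious ActiveX control and lures the user into opening it, thereby achieving remote code execution. When ActiveX controls are enabled on the user's host, the attacker can use this vulnerability to take control of the victim's host.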
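【Mitigation】 Severity: High. Although some details of the vulnerability have not yet been made public, in-the-wild exploitation of it has already been observed. Users who have ActiveX controls enabled should take protective measures as soon as possible.
Microsoft has not yet released a security patch for this vulnerability, but it can be mitigated by disabling ActiveX controls, as follows:
1. Copy the following content into a text file and save it with the .reg file extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

2. Double-click the .reg file to apply the configuration, then restart the computer.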
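
To confirm that the mitigation is actually in place on a host, the following PowerShell audit reads back the eight registry values set by the .reg file. It is an added example, not part of the original notice or of Microsoft's advisory. The key path, value names and data come from the .reg content above, while the function and variable names are illustrative.

```powershell
# Added example: audit the ActiveX mitigation described in this notice.
# Key path, value names (1001, 1004) and data (dword 3) are taken from the
# .reg file in the notice; Test-ActiveXMitigation is an illustrative name.
$base       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$valueNames = '1001', '1004'   # URL actions: download signed / unsigned ActiveX controls
$expected   = 3                # dword:00000003 = disable

function Test-ActiveXMitigation {
    foreach ($zone in 0..3) {
        # A missing zone key means the policy was never applied for that zone.
        $key = Get-Item -LiteralPath "$base\$zone" -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            $actual = if ($key) { $key.GetValue($name) } else { $null }
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Actual    = $actual
                # Require a DWORD equal to 3; a string "3" or a missing value fails.
                Compliant = ($actual -is [int] -and $actual -eq $expected)
            }
        }
    }
}

$report = @(Test-ActiveXMitigation)
$report | Format-Table -AutoSize

$failed = @($report | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($report.Count) settings are missing or not set to dword 3."
} else {
    Write-Output "All $($report.Count) settings match the notice."
}
```

Run it from an elevated or standard PowerShell session after the restart in step 2; any row with Compliant = False identifies the zone and value that still needs the setting.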
Copyright © 2014 East China University of Science and Technology, Informatization Office. All rights reserved.