​【漏洞预警】微软9月安全更新补丁和多个高危漏洞风险提示
发布人: 李雪娇 发布时间: 2022-09-16 作者: 访问次数: 469


【漏洞公告】

微软官方发布了9月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft OfficeWindows KernelMicrosoft Edge (Chromium-based)Hyper-VWindows Defender等多个CVE安全漏洞补丁。其中Windows common log file system driver权限提升漏洞(CVE-2022-35803)及Windows common log file system driver权限提升漏洞(CVE-2022-37969)由安恒信息发现并报送。请相关用户及时更新对应补丁修复漏洞。参考链接:

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

根据公告,此次更新中修复的Windows TCP/IP 远程代码执行漏洞(CVE-2022-34718)、Windows ALPC 特权提升漏洞(CVE-2022-34725)、Windows GDI 特权提升漏洞(CVE-2022-34729)、Windows common log file system driver权限提升漏洞(CVE-2022-35803)、DirectX Graphics Kernel特权提升漏洞(CVE-2022-37954)、Windows common log file system driver权限提升漏洞(CVE-2022-37969)、Windows 内核特权提升漏洞(CVE-2022-37957)风险较大。建议尽快安装安全更新补丁或采取临时缓解措施加固系统。相关链接参考:

https://msrc.microsoft.com/update-guide/vulnerability/

 

【影响范围】

受影响版本:

Windows TCP/IP 远程代码执行漏洞(CVE-2022-34718

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

 

Windows ALPC 特权提升漏洞(CVE-2022-34725

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

 

Windows GDI 特权提升漏洞(CVE-2022-34729

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

 

Windows common log file system driver权限提升漏洞(CVE-2022-35803

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

 

DirectX Graphics Kernel特权提升漏洞(CVE-2022-37954

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

 

Windows common log file system driver权限提升漏洞(CVE-2022-37969

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

Windows 内核特权提升漏洞(CVE-2022-37957

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

 

9月安全公告列表,包含的其他漏洞快速阅读指引(非全部):

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

CVE-2022-26929 | .NET Framework 远程代码执行漏洞

CVE-2022-38007 | Azure 来宾配置和启用 Azure Arc 的服务器特权提升漏洞

CVE-2022-23960 | Arm:CVE-2022-23960 缓存推测限制漏洞

CVE-2022-35805 | Microsoft Dynamics 365 (on-premises) 远程代码执行漏洞

CVE-2022-34700 | Microsoft Dynamics 365 (on-premises) 远程代码执行漏洞

CVE-2022-3044 | Chromium:CVE-2022-3044 站点隔离中的不当实施

CVE-2022-3045 | Chromium:CVE-2022-3045 V8 中不受信任的输入验证不足

CVE-2022-3040 | Chromium:CVE-2022-3040 在布局中释放后使用

CVE-2022-3047 | Chromium:CVE-2022-3047 扩展 API 中的策略执行不足

CVE-2022-3053 | Chromium:CVE-2022-3053 指针锁中的不当实现

CVE-2022-3054 | Chromium:CVE-2022-3054 DevTools 中的策略执行不足

CVE-2022-3039 | Chromium:CVE-2022-3039  WebSQL 中释放后使用

CVE-2022-3057 | Chromium:CVE-2022-3057 iframe 沙盒中的不当实施

CVE-2022-3056 | Chromium:CVE-2022-3056 内容安全策略中的策略执行不足

CVE-2022-3041 | Chromium:CVE-2022-3041  WebSQL 中释放后使用

CVE-2022-38012 | Microsoft Edge(基于 Chromium)远程代码执行漏洞

CVE-2022-3038 | Chromium:CVE-2022-3038 在网络服务中免费使用

CVE-2022-3058 | Chromium:CVE-2022-3058 在登录流程中免费使用

CVE-2022-3075 | Chromium:CVE-2022-3075 Mojo 中的数据验证不足

CVE-2022-3055 | Chromium:CVE-2022-3055 在密码中免费使用

CVE-2022-3046 | Chromium:CVE-2022-3046 在浏览器标签中释放后使用

CVE-2022-38006 | Windows 图形组件信息泄露漏洞

CVE-2022-34729 | Windows GDI 特权提升漏洞

CVE-2022-34728 | Windows 图形组件信息泄露漏洞

CVE-2022-37954 |  DirectX Graphics Kernel提权漏洞

CVE-2022-35837 | Windows 图形组件信息泄露漏洞

CVE-2022-37962 | Microsoft PowerPoint 远程执行代码漏洞

CVE-2022-35823 | Microsoft SharePoint 远程代码执行漏洞

CVE-2022-37961 | Microsoft SharePoint Server 远程代码执行漏洞

CVE-2022-38009 | Microsoft SharePoint Server 远程代码执行漏洞

CVE-2022-38008 | Microsoft SharePoint Server 远程代码执行漏洞

CVE-2022-37963 | Microsoft Office Visio 远程代码执行漏洞

CVE-2022-38010 | Microsoft Office Visio 远程代码执行漏洞

CVE-2022-34725 | Windows ALPC 特权提升漏洞

CVE-2022-38011 | 原始图像扩展远程代码执行漏洞

CVE-2022-38019 | AV1视频扩展远程代码执行漏洞

CVE-2022-37959 | 网络设备注册服务 (NDES) 安全功能绕过漏洞

CVE-2022-38004 | Windows 传真服务远程代码执行漏洞

CVE-2022-37958 | SPNEGO 扩展协商 (NEGOEX) 安全机制信息泄露漏洞

CVE-2022-38020 | Visual Studio Code 特权提升漏洞

CVE-2022-35803 | Windows 通用日志文件系统驱动程序特权提升漏洞

CVE-2022-37969 | Windows 通用日志文件系统驱动程序特权提升漏洞

CVE-2022-30170 | Windows 凭据漫游服务特权提升漏洞

CVE-2022-35828 | Microsoft Defender for Endpoint for Mac 特权提升漏洞

CVE-2022-34719 | Windows 分布式文件系统 (DFS) 特权提升漏洞

CVE-2022-34723 | Windows DPAPI(数据保护应用程序编程接口)信息泄露漏洞

CVE-2022-35841 | Windows企业应用管理服务远程代码执行漏洞

CVE-2022-37955 | Windows 组策略特权提升漏洞

CVE-2022-34721 | Windows Internet 密钥交换 (IKE) 协议扩展远程代码执行漏洞

CVE-2022-34722 | Windows Internet 密钥交换 (IKE) 协议扩展远程代码执行漏洞

CVE-2022-33679 | Windows Kerberos 特权提升漏洞

CVE-2022-33647 | Windows Kerberos 特权提升漏洞

CVE-2022-37957 | Windows 内核特权提升漏洞

CVE-2022-37956 | Windows 内核特权提升漏洞

CVE-2022-30200 | Windows 轻量级目录访问协议 (LDAP) 远程代码执行漏洞

CVE-2022-34726 | Microsoft ODBC 驱动程序远程执行代码漏洞

CVE-2022-34727 | Microsoft ODBC 驱动程序远程执行代码漏洞

CVE-2022-34730 | Microsoft ODBC 驱动程序远程执行代码漏洞

CVE-2022-34732 | Microsoft ODBC 驱动程序远程执行代码漏洞

CVE-2022-34734 | Microsoft ODBC 驱动程序远程执行代码漏洞

CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server 远程代码执行漏洞

CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server 远程代码执行漏洞

CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server 远程代码执行漏洞

CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server 远程代码执行漏洞

CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server 远程代码执行漏洞 

CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server 远程代码执行漏洞

CVE-2022-26928 | Windows Photo Import API特权提升漏洞

CVE-2022-38005 | Windows 后台打印程序特权提升漏洞

CVE-2022-35831 | Windows 远程访问连接管理器信息泄露漏洞

CVE-2022-35830 | Remote Procedure Call Runtime远程代码执行漏洞

CVE-2022-34718 | Windows TCP/IP 远程代码执行漏洞 

CVE-2022-30196 | Windows Secure Channel拒绝服务漏洞

 

【漏洞描述】

Windows TCP/IP 远程代码执行漏洞(CVE-2022-34718):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows TCP/IP中存在一处远程代码执行漏洞(CVE-2022-34718),未经身份验证的攻击者可以将特制的 IPv6 数据包发送到启用了 IPSec  Windows 节点,成功利用此漏洞的攻击者可以在该计算机上实现远程代码执行。

 

Windows ALPC 特权提升漏洞(CVE-2022-34725):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows ALPC中存在一处特权提升漏洞(CVE-2022-34725),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

Windows GDI 特权提升漏洞(CVE-2022-34729):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows GDI中存在一处特权提升漏洞(CVE-2022-34729),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

Windows common log file system driver权限提升漏洞(CVE-2022-35803):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows common log file system driver权限提升漏洞(CVE-2022-35803),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

DirectX Graphics Kernel特权提升漏洞(CVE-2022-37954):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

DirectX Graphics Kernel中存在一处特权提升漏洞(CVE-2022-37954),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

Windows common log file system driver权限提升漏洞(CVE-2022-37969):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows common log file system driver中存在一处特权提升漏洞(CVE-2022-37969),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

Windows 内核特权提升漏洞(CVE-2022-37957):

细节是否公开

POC状态

EXP状态

在野利用

未知

未知

未知

Windows 内核中存在一处特权提升漏洞(CVE-2022-37957),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM权限执行任意代码。

 

【缓解措施】

高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。安恒信息将在产品的例行更新中加入相关攻击检测和防护能力。

(一)Windows 更新:

自动更新:

Microsoft Update默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。

手动更新:

1、点击“开始菜单”或按Windows快捷键,点击进入“设置”2、选择“更新和安全”,进入“Windows更新”(Windows 8Windows 8.1Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入Windows更新”,具体步骤为“控制面板”->“系统和安全”->Windows更新”)

3、选择“检查更新”,等待系统将自动检查并下载可用更新。

4、重启计算机,安装更新系统重新启动后,可通过进入Windows更新->“查看更新历史记录”查看是否成功安装了更新。

 

(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。

补丁获取:https://msrc.microsoft.com/update-guide/vulnerability

 

Windows TCP/IP 远程代码执行漏洞(CVE-2022-34718)临时缓解措施:

只有运行 IPSec 服务的系统才容易受到此攻击,如果在目标计算机上禁用了 IPv6,则系统不受影响。