​【漏洞预警】微软12月安全更新补丁和多个高危漏洞风险提示
发布人: 李雪娇 发布时间: 2022-12-16 作者: 访问次数: 138

【漏洞公告】

微软官方发布了12月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft OfficeWindows Hyper-VWindows KernelMicrosoft Edge (Chromium-based)Windows PowerShell等多个CVE安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。

参考链接:

https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec

 

根据公告,此次更新中修复的Windows客户端服务器运行时子系统(CSRSS)特权提升漏洞(CVE-2022-44673)、Windows Bluetooth Driver特权提升漏洞(CVE-2022-44675Windows Kernel特权提升漏洞(CVE-2022-44683)、Windows SmartScreen安全功能绕过漏洞(CVE-2022-44698)风险较大。其中CVE-2022-44698 Windows SmartScreen安全功能绕过漏洞存在在野利用,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。

相关链接参考:

https://msrc.microsoft.com/update-guide/vulnerability/

 

【影响范围】

Windows 客户端服务器运行时子系统(CSRSS)特权提升漏洞(CVE-2022-44673)

Windows 10 for 32-bit Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

 

Windows Bluetooth Driver 特权提升漏洞(CVE-2022-44675

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Datacenter: Azure Edition

 

Windows Kernel 特权提升漏洞(CVE-2022-44683

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Datacenter: Azure Edition

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

Windows SmartScreen 安全功能绕过漏洞(CVE-2022-44698

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Datacenter: Azure Edition

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

 

12月安全公告列表,包含的其他漏洞快速阅读指引(非全部):

https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec

CVE-2022-44699Azure Network Watcher 代理安全功能绕过漏洞

CVE-2022-44673Windows 客户端服务器运行时子系统 (CSRSS) 特权提升漏洞

CVE-2022-44674Windows Bluetooth Driver 信息泄露漏洞

CVE-2022-44675Windows Bluetooth Driver 特权提升漏洞

CVE-2022-41127Microsoft Dynamics NAV  Microsoft Dynamics

365 Business Central(本地)远程代码执行漏洞

CVE-2022-44708Microsoft Edge(基于 Chromium)特权提升漏洞

CVE-2022-44688Microsoft Edge(基于 Chromium)欺骗漏洞

CVE-2022-41115Microsoft Edge(基于 Chromium)更新特权提升漏洞

CVE-2022-41121Windows 图形组件特权提升漏洞

CVE-2022-44679Windows 图形组件信息泄露漏洞

CVE-2022-44680Windows 图形组件特权提升漏洞

CVE-2022-44671Windows 图形组件特权提升漏洞

CVE-2022-44697Windows 图形组件特权提升漏洞

CVE-2022-41074Windows 图形组件信息泄露漏洞

CVE-2022-44692Microsoft Office 图形远程代码执行漏洞

CVE-2022-44691Microsoft Office OneNote 远程代码执行漏洞

CVE-2022-44713Microsoft Outlook for Mac 欺骗漏洞

CVE-2022-44693Microsoft SharePoint Server 远程代码执行漏洞

CVE-2022-44690Microsoft SharePoint Server 远程代码执行漏洞

CVE-2022-44696Microsoft Office Visio 远程代码执行漏洞

CVE-2022-44694Microsoft Office Visio 远程代码执行漏洞

CVE-2022-44695Microsoft Office Visio 远程代码执行漏洞

CVE-2022-44687Raw Image Extension 远程代码执行漏洞

CVE-2022-44667Windows Media 远程代码执行漏洞

CVE-2022-44668Windows Media 远程代码执行漏洞

CVE-2022-41094Windows Hyper-V 特权提升漏洞

CVE-2022-44682Windows Hyper-V 拒绝服务漏洞

CVE-2022-44704Microsoft Windows Sysmon 特权提升漏洞

CVE-2022-44666Windows Contacts 远程代码执行漏洞

CVE-2022-44710DirectX Graphics Kernel 提权漏洞

CVE-2022-44669Windows Error Reporting 特权提升漏洞

CVE-2022-41077Windows Fax Compose Form 特权提升漏洞

CVE-2022-44678Windows Print Spooler 特权提升漏洞

CVE-2022-44683Windows Kernel 特权提升漏洞

CVE-2022-41076PowerShell 远程代码执行漏洞

CVE-2022-44681Windows Print Spooler 特权提升漏洞

CVE-2022-44677Windows Projected File 系统特权提升漏洞

CVE-2022-44670Windows 安全套接字隧道协议(SSTP)远程代码执行漏洞

CVE-2022-44676Windows 安全套接字隧道协议(SSTP)远程代码执行漏洞

CVE-2022-44698Windows SmartScreen 安全功能绕过漏洞

CVE-2022-44689|适用于 Linux  Windows 子系统(WSL2)内核特权提升漏洞

CVE-2022-44702Windows Terminal 远程代码执行漏洞

 

【漏洞描述】

Windows 客户端服务器运行时子系统 (CSRSS)特权提升漏洞(CVE-2022-44673):

细节是否公开

POC状态

EXP状态

在野利用

未公开

未公开

未发现

Windows 客户端服务器运行时子系统 (CSRSS) 中存在一处特权提升漏洞(CVE-2022-44673),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以 SYSTEM 权限执行任意代码。

 

Windows Bluetooth Driver 特权提升漏洞(CVE-2022-44675

细节是否公开

POC状态

EXP状态

在野利用

未公开

未公开

未发现

Windows Bluetooth Driver 中存在一处特权提升漏洞(CVE-2022-44675),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以 SYSTEM 权限执行任意代码

 

Windows Kernel 特权提升漏洞(CVE-2022-44683):

细节是否公开

POC状态

EXP状态

在野利用

未公开

未公开

未发现

Windows Kernel 中存在一处特权提升漏洞(CVE-2022-44683),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以SYSTEM 权限执行任意代码。

 

Windows SmartScreen 安全功能绕过漏洞(CVE-2022-44698):

细节是否公开

POC状态

EXP状态

在野利用

未公开

未公开

存在

Windows SmartScreen 组件中存在一处安全功能绕过漏洞(CVE-2022-44698),攻击者可通过构造特定的文件来利用这个漏洞,成功利用此漏洞可使被下载的文件绕过文件安全保护功能。

 

【缓解措施】

高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft 已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。安恒信息将在产品的例行更新中加入相关攻击检测和防护能力。

(一)Windows 更新:

自动更新:

Microsoft Update 默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。

手动更新:

1、点击开始菜单或按 Windows 快捷键,点击进入设置

2、选择更新和安全,进入“Windows 更新Windows 8Windows 8.1Windows Server 2012 以及 Windows Server 2012 R2 可通过控制面板进入“Windows 更新,具体步骤为控制面板”->“系统和安全”->“Windows 更新

3、选择检查更新,等待系统将自动检查并下载可用更新。

4、重启计算机,安装更新系统重新启动后,可通过进入“Windows 更新”->“查看更新历史记录查看是否成功安装了更新。

(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。

补丁获取:https://msrc.microsoft.com/update-guide/vulnerability