网络安全
微软安全更新补丁和多个高危漏洞风险提示
时间:2022年03月14日 11:19 来源: 作者: 最后编辑:网络信息中心

一、漏洞公告

微软官方发布了3月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft Windows、Microsoft Office、Microsoft Exchange Server、Hyper-V、等92CVE安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。

相关链接参考:https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar

根据公告,此次更新中修复的Microsoft Exchange Server 远程执行代码漏洞(CVE-2022-23277)、VP9 Video Extensions远程代码执行漏洞(CVE-2022-24501)、远程桌面客户端远程代码执行漏洞(CVE-2022-21990、CVE-2022-23285)、Windows SMBv3 客户端/服务器远程代码执行漏洞(CVE-2022-24508)风险较大,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。

相关链接参考:https://msrc.microsoft.com/update-guide/vulnerability/

二、影响范围

Microsoft Exchange Server 远程执行代码漏洞(CVE-2022-23277):

Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11

VP9 Video Extensions远程代码执行漏洞(CVE-2022-24501):
VP9 Video Extensions

远程桌面客户端远程代码执行漏洞(CVE-2022-21990):
Remote Desktop client for Windows Desktop
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)

远程桌面客户端远程代码执行漏洞(CVE-2022-23285):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core Installation)

Windows SMBv3 客户端/服务器远程代码执行漏洞(CVE-2022-24508):
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server, version 20H2 (Server Core Installation)

3月安全公告列表,包含的其他漏洞快速阅读指引(非全部):

https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar

三、漏洞描述

Microsoft Exchange Server 远程执行代码漏洞(CVE-2022-23277):

该漏洞允许经过身份验证的攻击者通过构造恶意请求从而在目标Exchange服务器中执行任意代码。

VP9 Video Extensions远程代码执行漏洞(CVE-2022-24501):

攻击者可通过诱导受害者下载并打开精心构造的恶意文件触发该漏洞,从而导致恶意代码在受害者系统中执行

远程桌面客户端远程代码执行漏洞(CVE-2022-21990、CVE-2022-23285):

当受害者使用存在漏洞的远程桌面客户端连接到攻击者的服务器时,攻击者可利用该漏洞在目标RDP客户端计算机上触发远程代码执行。

Windows SMBv3 客户端/服务器远程代码执行漏洞(CVE-2022-24508):

Windows SMBv3 客户端/服务器存在远程代码执行漏洞,该漏洞存在于添加到 Windows 10 版本 2004 的新功能中,该漏洞主要影响较新版本的 Windows,旧版本的 Windows 不受影响。未经身份验证的攻击者可利用该漏洞远程攻击Windows SMBv3 客户端/服务器实现任意代码执行。

四、缓解措施

高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。

(一)Windows 更新:

自动更新:

Microsoft Update默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。

手动更新:

1、点击“开始菜单”或按Windows快捷键,点击进入“设置”2、选择“更新和安全”,进入“Windows更新”(Windows 8、Windows 8.1、Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入“Windows更新”,具体步骤为“控制面板”->“系统和安全”->“Windows更新”)

3、选择“检查更新”,等待系统将自动检查并下载可用更新。

4、重启计算机,安装更新系统重新启动后,可通过进入“Windows更新”->“查看更新历史记录”查看是否成功安装了更新。

(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。

补丁获取:https://msrc.microsoft.com/update-guide/vulnerability

Windows SMBv3 客户端/服务器远程代码执行漏洞(CVE-2022-24508)缓解措施:

可通过执行以下PowerShell命令阻止SMBv3漏洞利用(执行命令后无需重启):

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

来源:微软官网

 

 

地址:江西省南昌市新建区宏福大道2888号综合大楼1101A室 电话:0791-83659900

版权所有 @copy hbs02红宝石线路网络信息中心