[Security Advisory] January 2022 Microsoft Patch Tuesday: High-Risk Remote Code Execution Vulnerabilities

2022-01-12 12:10:11

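The Tencent Cloud Security Operations Center has observed that Microsoft released its regular security update for January 2022, covering 122 vulnerabilities in total, of which 9 are rated Critical and 89 Important. The release includes security updates for Microsoft Windows, Microsoft Edge, Exchange Server, Microsoft Office, SharePoint Server, .NET Framework, Microsoft Dynamics, Windows Hyper-V, Windows Defender and other software.

To keep your business from being affected, Tencent Cloud Security recommends that you run a security self-check promptly and, if you fall within the affected scope, update and remediate in time to avoid intrusion by external attackers.

Vulnerability Details

The following vulnerabilities in this release require particular attention:

CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability): Microsoft rates this vulnerability Critical, with a CVSS score of 9.8. An attacker can trigger it by sending a specially crafted packet to a target server that uses the HTTP protocol stack (http.sys). Because it requires neither user interaction nor authentication, successful exploitation can lead to wormable remote code execution. The impact is severe and this vulnerability deserves priority attention.

CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability): Microsoft rates this vulnerability Critical, with a CVSS score of 9.0. According to the official description, however, the attacker must be in a protocol-level, logically adjacent topology relative to the server. It can be exploited only after the internal network has been compromised, so exploitation is relatively difficult.

CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability): Microsoft rates this vulnerability Critical, with a CVSS score of 8.8. It allows an attacker, under specific conditions, to elevate privileges across an Active Directory trust boundary.

Other vulnerabilities to note:

CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability): An attacker must send the user a specially crafted file and induce the user to open it. Because no dialog or other warning is shown when the file is opened, this vulnerability is rated Critical.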

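Risk Level

High risk

Vulnerability Risk

An attacker who exploits the vulnerability can achieve remote code execution, among other impacts.

Affected Versions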

CVE-2022-21907:
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-21846:
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22

CVE-2022-21857:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

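Secure Versions

Microsoft's latest patches for January 2022

Remediation Advice

Microsoft has released patches and fixed versions for these vulnerabilities. Assess whether your business is affected, then upgrade to a secure version as appropriate.

For CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability):

On Windows Server 2019 and Windows 10 version 1809, the HTTP Trailer Support feature that contains the vulnerability is not enabled by default. These systems can be attacked only when the following registry value is configured, so check for this configuration: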

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
"EnableTrailerSupport"=dword:00000001
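
The registry check above can be scripted per host. The following PowerShell is an added example, not part of the original advisory or of Microsoft's guidance. The function name Get-HttpTrailerExposure, the -UpdateId parameter and the mapping of build 17763 to Windows Server 2019 / Windows 10 version 1809 are assumptions of this example.

```powershell
# Added example: audit the EnableTrailerSupport value from the advisory above.
function Get-HttpTrailerExposure {
    [CmdletBinding()]
    param(
        # Registry key named in the advisory (PowerShell provider syntax).
        [string]$KeyPath = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters',
        # Optional KB ids taken from the MSRC page for this host's OS (none assumed here).
        [string[]]$UpdateId = @()
    )

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # A missing key or value leaves the feature at its default (not enabled).
    $value = $null
    $item  = Get-ItemProperty -Path $KeyPath -Name 'EnableTrailerSupport' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $value = $item.EnableTrailerSupport }

    # Get-HotFix only matches the ids passed in; a later cumulative update has another id.
    $found = @()
    if ($UpdateId.Count -gt 0) {
        $found = @(Get-HotFix -Id $UpdateId -ErrorAction SilentlyContinue)
    }

    # Assumption: build 17763 = Windows Server 2019 / Windows 10 version 1809,
    # the only releases for which the advisory makes the registry value decisive.
    $assessment = if ($build -ne 17763) {
        'Registry value is not decisive on this build; verify the January 2022 update.'
    } elseif ($value -eq 1) {
        'EnableTrailerSupport=1: vulnerable feature is enabled; patch with priority.'
    } else {
        'EnableTrailerSupport not set to 1: default state; still apply the update.'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OperatingSystem      = $os.Caption
        Build                = $build
        EnableTrailerSupport = if ($null -eq $value) { 'not set' } else { $value }
        MatchingUpdates      = ($found.HotFixID -join ', ')
        Assessment           = $assessment
    }
}

Get-HttpTrailerExposure | Format-List
```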

[Note]: Back up your data before upgrading to guard against unexpected problems.

References

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan  

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907  

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846  

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21857  
