微软 7月份补丁日重点漏洞预警

Simon 2021-07-16
专栏 发布于 2021-07-16 10:34:40 阅读 222 评论 0

一、漏洞情况

7月13日,修复了Windows、Office、Exchange Server、SharePoint、DNS服务器、visual Studio、Hyper-v、以及Windows多个关键组件存在的117个安全漏洞,此次安全更新包含7月1号紧急发布的Windows Print Spooler远程代码执行漏洞(CVE-2021-34527)。其中漏洞编号:CVE-2021-34448、CVE-2021-31979、CVE-2021-33771漏洞危害较大,且已检测到在野利用。目前厂商已发布漏洞修复补丁,建议广大用户及时下载并安装修复补丁进行防护,做好资产自查以及预防工作,以免遭受黑客攻击。

二、漏洞描述

根据漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:

1. CVE-2021-34448 Windows脚本引擎内存破坏漏洞

该漏洞是由于在处理微软脚本引擎中HTML内容时存在边界错误。远程攻击者通过创建一个特殊构造的网页,诱导用户打开,从而触发内存破坏,实现在目标系统上执行任意代码。

2. CVE-2021-31979 Windows内核权限提升漏洞

该漏洞是由于Windows Kernel中存在边界错误。经过身份验证的本地攻击者通过运行特殊的程序触发内存破坏,成功利用该漏洞在目标系统上提升权限,实现任意代码执行。

3. CVE-2021-33771 Windows内核权限提升漏洞

该漏洞是由于Windows Kernel中存在边界错误。经过身份验证的本地攻击者通过运行特殊的程序触发内存破坏,成功利用该漏洞在目标系统上提升权限,实现任意代码执行。

三、影响范围

1. CVE-2021-34448 Windows脚本引擎内存破坏漏洞

  • Windows Server 2012 R2

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows 10 for x64-based Systems

  • Windows 10 for 32-bit Systems

  • Windows 10 Version 20H2 for ARM64-based Systems

  • Windows 10 Version 20H2 for 32-bit Systems

  • Windows 10 Version 20H2 for x64-based Systems

  • Windows 10 Version 2004 for x64-based Systems

  • Windows 10 Version 2004 for ARM64-based Systems

  • Windows 10 Version 2004 for 32-bit Systems

  • Windows 10 Version 21H1 for 32-bit Systems

  • Windows 10 Version 21H1 for ARM64-based Systems

  • Windows 10 Version 21H1 for x64-based Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows Server 2019

  • Windows Server 2012

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows RT 8.1

  • Windows 8.1 for x64-based systems

  • Windows 8.1 for 32-bit systems

  • Windows 7 for x64-based Systems Service Pack 1

  • Windows 7 for 32-bit Systems Service Pack 1

  • Windows Server 2016

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1809 for ARM64-based Systems

  • Windows 10 Version 1809 for x64-based Systems

  • Windows 10 Version 1809 for 32-bit Systems

2. CVE-2021-31979 Windows内核权限提升漏洞

  • Windows Server 2012 R2 (Server Core installation)

  • Windows Server 2012 R2

  • Windows Server 2012 (Server Core installation)

  • Windows Server 2012

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

  • Windows Server 2008 for x64-based Systems Service Pack 2

  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

  • Windows Server 2008 for 32-bit Systems Service Pack 2

  • Windows RT 8.1

  • Windows 8.1 for x64-based systems

  • Windows 8.1 for 32-bit systems

  • Windows 7 for x64-based Systems Service Pack 1

  • Windows 7 for 32-bit Systems Service Pack 1

  • Windows Server 2016

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows 10 for x64-based Systems

  • Windows 10 for 32-bit Systems

  • Windows Server, version 20H2 (Server Core Installation)

  • Windows 10 Version 20H2 for ARM64-based Systems

  • Windows 10 Version 20H2 for 32-bit Systems

  • Windows 10 Version 20H2 for x64-based Systems

  • Windows Server, version 2004 (Server Core installation)

  • Windows 10 Version 2004 for x64-based Systems

  • Windows 10 Version 2004 for ARM64-based Systems

  • Windows 10 Version 2004 for 32-bit Systems

  • Windows 10 Version 21H1 for 32-bit Systems

  • Windows 10 Version 21H1 for ARM64-based Systems

  • Windows 10 Version 21H1 for x64-based Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows Server 2019 (Server Core installation)

  • Windows Server 2019

3. CVE-2021-33771 Windows内核权限提升漏洞

  • Windows Server 2012 R2 (Server Core installation)

  • Windows Server 2012 R2

  • Windows RT 8.1

  • Windows 8.1 for x64-based systems

  • Windows 8.1 for 32-bit systems

  • Windows Server 2016 (Server Core installation)

  • Windows Server 2016

  • Windows 10 Version 1607 for x64-based Systems

  • Windows 10 Version 1607 for 32-bit Systems

  • Windows 10 for x64-based Systems

  • Windows 10 for 32-bit Systems

  • Windows Server, version 20H2 (Server Core Installation)

  • Windows 10 Version 20H2 for ARM64-based Systems

  • Windows 10 Version 20H2 for 32-bit Systems

  • Windows 10 Version 20H2 for x64-based Systems

  • Windows Server, version 2004 (Server Core installation)

  • Windows 10 Version 2004 for x64-based Systems

  • Windows 10 Version 2004 for ARM64-based Systems

  • Windows 10 Version 2004 for 32-bit Systems

  • Windows 10 Version 21H1 for 32-bit Systems

  • Windows 10 Version 21H1 for ARM64-based Systems

  • Windows 10 Version 21H1 for x64-based Systems

  • Windows 10 Version 1909 for ARM64-based Systems

  • Windows 10 Version 1909 for x64-based Systems

  • Windows 10 Version 1909 for 32-bit Systems

  • Windows Server 2019 (Server Core installation)

  • Windows Server 2019

  • Windows 10 Version 1809 for ARM64-based Systems

  • Windows 10 Version 1809 for x64-based Systems

  • Windows 10 Version 1809 for 32-bit Systems

四、安全建议

目前官方已修复该漏洞,建议受影响用户尽快安装修复补丁。

1. https://msrc.microsoft.com/update-guide/vu...

2. https://msrc.microsoft.com/update-guide/vu...

3. https://msrc.microsoft.com/update-guide/vu...

五、参考链接

https://msrc.microsoft.com/update-guide/re...

本作品采用《CC 协议》,转载必须注明作者和本文链接
讨论数量: 0
(= ̄ω ̄=)··· 暂无内容!
请勿发布不友善或者负能量的内容。与人为善,比聪明更重要!