新华三攻防实验室
2021/12/15
2021年12月15日,新华三攻防实验室威胁预警团队监测发现Microsoft官方发布了12月安全更新,此次安全更新共发布了83个漏洞的补丁,包括7个重要漏洞,主要覆盖了以下组件:BizTalk ESB Toolkit、Microsoft Edge(基于 Chromium)、Microsoft Office Access、Windows DirectX、Windows Kernel、Windows Storage、Windows TCP/IP、远程桌面客户端等。在此次更新的补丁中,其中有7个被微软标记为严重漏洞,60个为高危漏洞。
对此,新华三攻防实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。
恶意攻击者可以利用该漏洞创建恶意文件,然后将其修改为合法应用程序进行网络钓鱼活动,并且需要用户打开特制的附件才能攻击成功。该漏洞已被检测到在野利用(包括Emotet/Trickbot/Bazaloader 的恶意软件家族)。
Internet 存储名称服务 (iSNS) 协议用于 iSNS 服务器和 iSNS 客户端之间的交互。攻击者会向 iSNS服务器发送特殊的恶意请求,从而可能导致iSNS 服务器内存损坏,进而可能导致远程代码执行。
恶意攻击者通过发送特制的恶意数据,可能造成缓冲区溢出写入,从而导致未经身份验证的非沙盒代码执行。该漏洞并非需要使用EFS才能利用,如果EFS服务未运行,EFS接口会触发它的启动。
恶意攻击者通过诱导用户打开特制的钓鱼文件,从而可能在目标系统上以该用户的权限执行任意代码。此外,预览窗口并不能作为攻击媒介,用户可以通过Microsoft Store自动更新修复该漏洞。
Windows Mobile Device Management 存在特权提升漏洞,经过身份验证的恶意攻击者可以通过该漏洞在目标服务器上获得SYSTEM权限。恶意攻击者只能删除系统上的目标文件,不会获得查看或修改文件内容的特权。
CVE编号 | 受影响产品 |
CVE-2021-43890 | App Installer |
CVE-2021-43215 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-43217 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-43905 | Office app |
CVE-2021-43880 | Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems |
目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Dec