H3C Attack and Defense Lab
2021/07/14
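On July 14, 2021, the threat early-warning team at H3C Attack and Defense Lab observed that Microsoft had released its June security update. The update ships patches for 117 vulnerabilities, mainly covering the following components: the Windows operating system, Microsoft SharePoint and the Windows kernel, Microsoft Exchange, Microsoft Office, Windows DNS Server, and others. Of the patches in this update, Microsoft rated 13 vulnerabilities as Critical and 103 as high severity.
H3C Attack and Defense Lab therefore recommends that users promptly audit their own assets and take preventive measures to avoid being attacked.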
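Windows DNS Server has a flaw in the way it handles DNS requests, which results in a remote code execution vulnerability. An unauthenticated remote attacker can execute arbitrary code on the Windows DNS server by sending it a specially crafted malicious request.
Microsoft's Scripting Engine contains a use-after-free vulnerability. An attacker can lure a victim into visiting a specially crafted website and thereby execute arbitrary code on the affected system with the identity of the logged-on user. Microsoft states that exploitation of this vulnerability in the wild has been observed, and affected users are advised to update as soon as possible.
The Windows kernel contains a remote code execution vulnerability that affects virtual machine systems hosted with single root input/output virtualization (SR-IOV) devices. The vulnerability has a CVSS 3.0 score of 9.9, its exploitation complexity is low, and it can be exploited without user interaction, so it is highly likely to be exploited by attackers. Affected users are advised to update as soon as possible.
Microsoft SharePoint Server does not sufficiently validate user requests, which results in a remote code execution vulnerability. Exploitation requires authentication: an authenticated remote attacker can use this vulnerability to execute arbitrary code on the target Microsoft SharePoint server.
This vulnerability can be exploited without authentication. An attacker can use it to send malicious requests to a Microsoft Exchange server, issue arbitrary HTTP requests while impersonating the Exchange Server, scan the internal network, and obtain Exchange user information.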
CVE ID | Affected versions |
CVE-2021-33780 | Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019 |
CVE-2021-34448 | Windows Server 2012 R2; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows Server 2019; Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-34458 | Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019 |
CVE-2021-34467 | Microsoft SharePoint Foundation 2013 Service Pack 1; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2016 |
CVE-2021-34473 | Microsoft Exchange Server 2019 Cumulative Update 9; Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 8; Microsoft Exchange Server 2016 Cumulative Update 19; Microsoft Exchange Server 2016 Cumulative Update 20 |
Microsoft has released patches for these vulnerabilities. Users are advised to install them as soon as possible via the following link:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul
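1. H3C security device protection
H3C IPS rule library version 1.0.139 will support identification of exploitation of CVE-2021-34467, CVE-2021-34473 and CVE-2021-34458. All H3C security products can identify attack traffic for these vulnerabilities by upgrading the IPS signature library.
2. H3C situational awareness solution
H3C situational awareness already supports detection of these vulnerabilities. Through information collection and consolidation, data correlation analysis and other combined assessment methods, it identifies assets in the network that have been attacked through, or compromised by, these vulnerabilities.
3. H3C cloud security capability center solution
The knowledge base of the H3C cloud security capability center has been updated with information on these vulnerabilities, where the corresponding root cause, patches and remediation measures can be looked up.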