登录

欢迎user新华三退出

国家 / 地区

  • 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们
docurl=/cn/Products___Technology/Products/IP_Security/Security_Research/Home/Notice/Notice/202112/1519545_30003_0.htm

微软八月补丁日安全通告

【发布时间:2021-12-30】

新华三攻防实验室

2021/08/11

1. 漏洞综述

1.1 漏洞背景

2021年08月11日,新华三攻防实验室威胁预警团队监测发现Microsoft官方发布了8月安全更新,此次安全更新共发布了44个漏洞,主要覆盖了以下组件:Remote Desktop Client、Microsoft SharePoint 、Windows NTLM,Windows Services for NFS ONCRPC XDR Driver、Windows TCP/IP和Microsoft Scripting Engine等。在此次更新的补丁中,有7个被微软标记为严重漏洞,37个被标记为高危漏洞。44个漏洞中,13个属于远程代码执行漏洞,8个属于信息泄露漏洞,2个为拒绝服务漏洞,4个属于欺骗利用漏洞,17个权限提升漏洞。

对此,新华三攻防实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。

1.2 重点漏洞

CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver远程代码执行漏洞

Windows NFS 服务的RPCXDR内核驱动程序中存在内存越界写入问题,从而导致其存在远程代码执行漏洞。未经授权的远程攻击者可以通过向Windows NFS 服务发送精心构造的恶意请求,即可执行任意代码。

CVE-2021-34480 Scripting引擎内存损坏漏洞

微软的Scripting引擎存在内存损坏漏洞,是由于Jscript引擎中存在任意指针引用导致。攻击者可以诱导受害者访问特制网站,从而触发内存损坏并实现任意代码执行。

CVE-2021-34535 远程桌面客户端远程代码执行漏洞

RDP存在越界问题导致远程代码执行漏洞。微软指出至少存在两种漏洞被利用的情况,一种是受害者通过远程桌面成功连接被攻击者控制的服务器后,攻击者即可在受害者客户端中实现远程代码执行;另一种情况是在Hyper-V中,运行恶意程序的guest VM可利用Hyper-V Viewer中存在的该漏洞实现guest-to-host RCE。由于该漏洞位于远程桌面客户端中,因此可利用场景较为受限。

CVE-2021-36947 Windows Print Spooler远程代码执行漏洞

Windows Print Spooler存在远程代码执行漏洞。低权限的攻击者可在服务器上执行任意代码。

CVE-2021-36942 Windows LSA欺骗漏洞

Windows 本地安全机构(LSA)存在欺骗漏洞,未经身份验证的攻击者可以调用LSARPC接口上的方法,并强制域控制器使用NTLM对另一台服务器进行身份验证。微软指出,此漏洞结合NTLM中继进行利用时,所产生危害较大。

CVE-2021-26424 Windows TCP/IP远程代码执行漏洞

该漏洞是由于TCPIP协议栈(TCPIP.sys)在处理IPv6数据包时存在边界错误导致恶意Hyper-V guest可通过向Hyper-V主机发送特制的ipv6 ping数据包,从而远程触发此漏洞,导致内存损坏并执行任意代码。

2. 影响范围

CVE编号

受影响版本

CVE-2021-26432

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

CVE-2021-34480

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

CVE-2021-34535

Microsoft Remote Desktop

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

CVE-2021-36942

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

CVE-2021-26424

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

3. 处置方法

3.1官方补丁

目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:

https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug

3.2 新华三解决方案

1、新华三安全设备防护方案

新华三IPS规则库1.0.143版本将支持对CVE-2021-26432漏洞利用的识别,新华三全系安全产品可通过升级IPS特征库识别该漏洞的攻击流量。

2、新华三态势感知解决方案

新华三态势感知已支持该漏洞的检测,通过信息搜集整合、数据关联分析等综合研判手段,发现网络中遭受该漏洞攻击及失陷的资产。

3、新华三云安全能力中心解决方案

新华三云安全能力中心知识库已更新该漏洞信息,可查询对应漏洞产生原理、升级补丁、修复措施等。

新华三官网
联系我们