2022年9月14日(北京时间),微软发布了安全更新,共发布了 64 个CVE 的补丁程序,同比上月增加了 57 个。
在漏洞安全等级方面,存在 5 个标记等级为 “Critical” 的漏洞,57 个漏洞被标记为 “Important”;在漏洞类型方面,主要有 31 个远程代码执行漏洞,18 个权限提升漏洞以及 6 个信息泄露漏洞。
漏洞数据分析
2022年漏洞数量趋势
图 1 2022年微软补丁漏洞修复情况
-
总体上来看,微软本月发布的补丁数量为 64 个,有 5 个 Critical 漏洞补丁。
-
千里目安全技术中心在综合考虑往年微软公布漏洞数量的数据统计和今年的特殊情况,初步估计微软在今年十月份公布的漏洞数将比九月略多。漏洞数量将会维持在 80 个左右。
历史微软补丁日9月漏洞对比
2019-2022年,9月份的漏洞数趋势如下图:
图 2 微软近年9月漏洞数量对比
2019-2022年,9月份的漏洞危险等级趋势和数量如下图:
图 3 微软近年9月漏洞危险等级对比
2019-2022年,9月份的漏洞各个类型数量对比如下图:
图 4 微软近年9月漏洞类型对比
-
从漏洞数量来看,今年相较去年少量减少。微软在2022年9月份爆发的漏洞相较于去年有少量的减少。本月出现了 64 个漏洞补丁,并且有 5 个 Critical 类型的漏洞补丁。
-
从漏洞的危险等级来看,相较去年 “Important” 等级的漏洞有少量减少, “Critical” 等级的漏洞有少量增加,近两年相对历史数据而言总体漏洞数量均有减少。从漏洞趋势上看,针对 Windows 系统本身的严重型和高危型漏洞数量增加,针对 Windows 产品侧的漏洞数量占据大多数。
-
从漏洞类型来看,RCE 类型的漏洞有少量增加,DoS类型的漏洞有大幅度的提升,EoP 类型的漏洞有少量减少,仍然需要引起高度重视,尤其是 RCE 漏洞在配合社工手段的前提下,甚至可以直接接管整个局域网并进行进一步扩展攻击。
重要漏洞分析
漏洞分析
Windows TCP/IP 远程代码执行漏洞 CVE-2022-34718
Windows TCP/IP是由微软公司实现的TCP/IP协议族,TCP/IP提供了点对点链接的机制,将数据应该如何封装、寻址、传输、路由以及在目的地如何接收,都加以标准化。它将软件通信过程抽象化为四个抽象层,采取协议堆栈的方式,分别实现出不同通信协议。协议族下的各种协议,依其功能不同,分别归属到这四个层次结构之中,常视为是简化的七层OSI模型。
Windows TCP/IP中存在远程代码执行漏洞,未经身份验证的攻击者可以将特制的 IPv6 数据包发送到启用了 IPSec 的 Windows 节点,在目标系统上执行任意代码。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
Windows 高级本地进程通信ALPC 权限提升漏洞 CVE-2022-34725
本地过程调用LPC是一种由Windows NT内核提供的内部进程间通信方式。通过这一方式,同一计算机上的进程可以进行轻量的通信。在Windows Vista中,高级本地进程通信ALPC替代了LPC。ALPC提供了一个高速可度量的通信机制,这样便于实现需要在用户模式下高速通信的用户模式驱动程序框架。
Windows 高级本地进程通信ALPC中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
Windows 图形设备接口GDI权限提升漏洞 CVE-2022-34729
Windows图形设备接口GDI是微软视窗系统提供的应用程序接口,也是其用来表征图形对象、将图形对象传送给诸如显示器、打印机之类输出设备的核心组件。GDI用来完成一些和绘制有关的工作,像直线或曲线的绘制,文字渲染,调色板控制。
Windows 图形设备接口GDI中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
Windows 通用日志文件系统驱动权限提升漏洞 CVE-2022-35803 CVE-2022-37969
Windows通用日志文件系统CLFS是一个通用的日志文件系统,可以从内核模式或用户模式的应用程序访问,用以构建一个高性能的事务日志。CLFS可以用于数据日志与事件日志,自Windows Server 2003 R2引入,并包含在之后版本的Windows操作系统中。
Windows 通用日志文件系统驱动中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。其中CVE-2022-37969漏洞存在在野利用,该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
DirectX图形内核权限提升漏洞 CVE-2022-37954
DirectX是由微软公司创建的一系列专为多媒体以及游戏开发的应用程序接口。旗下包含Direct3D、Direct2D、DirectCompute等多个不同用途的子部分。DirectX被广泛用于Microsoft Windows、Microsoft Xbox电子游戏开发,并且只能支持这些平台。除了游戏开发之外,DirectX亦被用于开发许多虚拟三维图形相关软件。
DirectX图形内核中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
Windows 内核权限提升漏洞 CVE-2022-37957
WindowsNT体系结构是指一系列微软设计及制造,由Windows NT所派生出的视窗操作系统架构,采用用户模式与内核模式的分层设计。Windows内核提供了处理I/O、对象管理、安全、进程管理、多处理器同步、线程、中断调度和分派、故障处理和例外分派的功能。内核还负责在启动时初始化设备驱动程序。
Windows 内核中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
影响范围
|
漏洞名称、CVE编号 |
受影响版本 |
|
Windows TCP/IP 远程代码执行漏洞 CVE-2022-34718 |
Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2022 Azure Edition Core Hotpatch |
|
Windows 高级本地进程通信ALPC 权限提升漏洞 CVE-2022-34725 |
Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2022 Azure Edition Core Hotpatch |
|
Windows 图形设备接口GDI权限提升漏洞 CVE-2022-34729 |
Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2022 Azure Edition Core Hotpatch |
|
Windows 通用日志文件系统驱动权限提升漏洞 CVE-2022-35803 |
Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2022 Azure Edition Core Hotpatch |
|
Windows 通用日志文件系统驱动权限提升漏洞 CVE-2022-37969 |
Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2022 Azure Edition Core Hotpatch |
|
DirectX图形内核权限提升漏洞 CVE-2022-37954 |
Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server 2022 Azure Edition Core Hotpatch |
|
Windows 内核权限提升漏洞 CVE-2022-37957 |
Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) |
解决方案
1.官方修复建议
微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:
1.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-34718
2.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-34725
3.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-34729
4.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-35803
5.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-37969
6.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-37954
7.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-37957
参考链接
https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep
时间轴
2022/9/14
微软例行补丁日,微软官网发布安全公告。
2022/9/14
深信服千里目安全技术中心发布安全公告。
点击阅读原文,及时关注并登录深信服智安全平台,可轻松查询漏洞相关解决方案。
原文始发于微信公众号(深信服千里目安全实验室):【安全公告】微软补丁日安全通告|9月份
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论