【安全公告】微软补丁日安全通告|9月份

admin 2022年9月15日10:46:29安全漏洞评论4 views11939字阅读39分47秒阅读模式

【安全公告】微软补丁日安全通告|9月份


2022年9月14日(北京时间),微软发布了安全更新,共发布了 64 个CVE 的补丁程序,同比上月增加了 57 个。


在漏洞安全等级方面,存在 5 个标记等级为 “Critical” 的漏洞,57 个漏洞被标记为 “Important”;在漏洞类型方面,主要有 31 个远程代码执行漏洞,18 个权限提升漏洞以及 6 个信息泄露漏洞。



漏洞数据分析

【安全公告】微软补丁日安全通告|9月份

2022年漏洞数量趋势

【安全公告】微软补丁日安全通告|9月份

图 1 2022年微软补丁漏洞修复情况


  • 总体上来看,微软本月发布的补丁数量为 64 个,有 5 个 Critical 漏洞补丁。

  • 千里目安全技术中心在综合考虑往年微软公布漏洞数量的数据统计和今年的特殊情况,初步估计微软在今年十月份公布的漏洞数将比九月略多。漏洞数量将会维持在 80 个左右。

【安全公告】微软补丁日安全通告|9月份

历史微软补丁日9月漏洞对比


2019-2022年,9月份的漏洞数趋势如下图:


【安全公告】微软补丁日安全通告|9月份

图 2 微软近年9月漏洞数量对比


2019-2022年,9月份的漏洞危险等级趋势和数量如下图:


【安全公告】微软补丁日安全通告|9月份

图 3 微软近年9月漏洞危险等级对比


2019-2022年,9月份的漏洞各个类型数量对比如下图:


【安全公告】微软补丁日安全通告|9月份

图 4 微软近年9月漏洞类型对比


  • 从漏洞数量来看,今年相较去年少量减少。微软在2022年9月份爆发的漏洞相较于去年有少量的减少。本月出现了 64 个漏洞补丁,并且有 5 个 Critical 类型的漏洞补丁。


  • 从漏洞的危险等级来看,相较去年 “Important” 等级的漏洞有少量减少, “Critical” 等级的漏洞有少量增加,近两年相对历史数据而言总体漏洞数量均有减少。从漏洞趋势上看,针对 Windows 系统本身的严重型和高危型漏洞数量增加,针对 Windows 产品侧的漏洞数量占据大多数。


  • 从漏洞类型来看,RCE 类型的漏洞有少量增加,DoS类型的漏洞有大幅度的提升,EoP 类型的漏洞有少量减少,仍然需要引起高度重视,尤其是 RCE 漏洞在配合社工手段的前提下,甚至可以直接接管整个局域网并进行进一步扩展攻击。

重要漏洞分析

【安全公告】微软补丁日安全通告|9月份

漏洞分析

Windows TCP/IP 远程代码执行漏洞 CVE-2022-34718

Windows TCP/IP是由微软公司实现的TCP/IP协议族,TCP/IP提供了点对点链接的机制,将数据应该如何封装、寻址、传输、路由以及在目的地如何接收,都加以标准化。它将软件通信过程抽象化为四个抽象层,采取协议堆栈的方式,分别实现出不同通信协议。协议族下的各种协议,依其功能不同,分别归属到这四个层次结构之中,常视为是简化的七层OSI模型。

Windows TCP/IP中存在远程代码执行漏洞,未经身份验证的攻击者可以将特制的 IPv6 数据包发送到启用了 IPSec 的 Windows 节点,在目标系统上执行任意代码。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。

Windows 高级本地进程通信ALPC 权限提升漏洞 CVE-2022-34725

本地过程调用LPC是一种由Windows NT内核提供的内部进程间通信方式。通过这一方式,同一计算机上的进程可以进行轻量的通信。在Windows Vista中,高级本地进程通信ALPC替代了LPC。ALPC提供了一个高速可度量的通信机制,这样便于实现需要在用户模式下高速通信的用户模式驱动程序框架。

Windows 高级本地进程通信ALPC中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。

Windows 图形设备接口GDI权限提升漏洞 CVE-2022-34729

Windows图形设备接口GDI是微软视窗系统提供的应用程序接口,也是其用来表征图形对象、将图形对象传送给诸如显示器、打印机之类输出设备的核心组件。GDI用来完成一些和绘制有关的工作,像直线或曲线的绘制,文字渲染,调色板控制。

Windows 图形设备接口GDI中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。

Windows 通用日志文件系统驱动权限提升漏洞 CVE-2022-35803 CVE-2022-37969

Windows通用日志文件系统CLFS是一个通用的日志文件系统,可以从内核模式或用户模式的应用程序访问,用以构建一个高性能的事务日志。CLFS可以用于数据日志与事件日志,自Windows Server 2003 R2引入,并包含在之后版本的Windows操作系统中。

Windows 通用日志文件系统驱动中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。其中CVE-2022-37969漏洞存在在野利用,该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。

DirectX图形内核权限提升漏洞 CVE-2022-37954

DirectX是由微软公司创建的一系列专为多媒体以及游戏开发的应用程序接口。旗下包含Direct3D、Direct2D、DirectCompute等多个不同用途的子部分。DirectX被广泛用于Microsoft Windows、Microsoft Xbox电子游戏开发,并且只能支持这些平台。除了游戏开发之外,DirectX亦被用于开发许多虚拟三维图形相关软件。

DirectX图形内核中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。

Windows 内核权限提升漏洞 CVE-2022-37957

WindowsNT体系结构是指一系列微软设计及制造,由Windows NT所派生出的视窗操作系统架构,采用用户模式与内核模式的分层设计。Windows内核提供了处理I/O、对象管理、安全、进程管理、多处理器同步、线程、中断调度和分派、故障处理和例外分派的功能。内核还负责在启动时初始化设备驱动程序。

Windows 内核中存在权限提升漏洞,攻击者可以利用该漏洞在目标系统获取更高的权限。该漏洞经过评估,危害比较大,我们建议用户及时更新微软安全补丁。

【安全公告】微软补丁日安全通告|9月份

影响范围



漏洞名称、CVE编号

受影响版本

Windows TCP/IP 远程代码执行漏洞 CVE-2022-34718

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

Windows 高级本地进程通信ALPC 权限提升漏洞 CVE-2022-34725

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

Windows 图形设备接口GDI权限提升漏洞 CVE-2022-34729

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

Windows 通用日志文件系统驱动权限提升漏洞 CVE-2022-35803

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

Windows 通用日志文件系统驱动权限提升漏洞 CVE-2022-37969

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

DirectX图形内核权限提升漏洞 CVE-2022-37954

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022 Azure Edition Core Hotpatch

Windows 内核权限提升漏洞 CVE-2022-37957

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

解决方案

【安全公告】微软补丁日安全通告|9月份

1.官方修复建议

微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:

1.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-34718

2.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-34725

3.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-34729

4.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-35803

5.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-37969

6.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-37954

7.https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-37957




参考链接

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep

时间轴


2022/9/14

微软例行补丁日,微软官网发布安全公告。

2022/9/14 

深信服千里目安全技术中心发布安全公告。



点击阅读原文,及时关注并登录深信服智安全平台,可轻松查询漏洞相关解决方案。

【安全公告】微软补丁日安全通告|9月份


【安全公告】微软补丁日安全通告|9月份

原文始发于微信公众号(深信服千里目安全实验室):【安全公告】微软补丁日安全通告|9月份

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年9月15日10:46:29
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  【安全公告】微软补丁日安全通告|9月份 http://cn-sec.com/archives/1297023.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: