Microsoft August Security Update Patches and Risk Notice for Multiple High-Severity Vulnerabilities

admin, September 3, 2021, 07:38:54


Vulnerability Announcement

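On August 10, 2021, Microsoft released its August security update announcement, which contains security update patches for multiple products in the Microsoft family, including Microsoft Windows, Dynamics, Office, .NET, Visual Studio and others, covering 44 CVEs. Of these, 7 are critical vulnerabilities and 37 are high-severity vulnerabilities. Affected users should apply the corresponding patches promptly to fix the vulnerabilities. Reference link: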

https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug


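According to the announcement, the following vulnerabilities fixed in this update pose a relatively high risk: the Windows Services for NFS ONCRPC XDR Driver remote code execution vulnerability (CVE-2021-26432), the Remote Desktop Client remote code execution vulnerability (CVE-2021-34535), the Windows Print Spooler remote code execution vulnerability (CVE-2021-36936), the Windows LSA spoofing vulnerability (CVE-2021-36942), the Windows Update Medic Service elevation of privilege vulnerability (CVE-2021-36948), and the Windows TCP/IP remote code execution vulnerability (CVE-2021-26424). We recommend installing the security update patches as soon as possible or applying temporary mitigations to harden systems. Reference links: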

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26424


Affected Scope


CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver remote code execution vulnerability:

Affected versions:

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016  (Server Core installation)

Windows Server 2016


CVE-2021-34535 Remote Desktop Client remote code execution vulnerability:

Affected versions:

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Remote Desktop client for Windows Desktop

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows Server 2012 R2

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems


CVE-2021-36936 Windows Print Spooler remote code execution vulnerability:

Affected versions:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2


CVE-2021-36942 Windows LSA spoofing vulnerability:

Affected versions:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server, version 2004 (Server Core installation)

Windows Server 2019  (Server Core installation)

Windows Server 2019


CVE-2021-36948 Windows Update Medic Service elevation of privilege vulnerability:

Affected versions:

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems


CVE-2021-26424 Windows TCP/IP remote code execution vulnerability:

Affected versions:

Windows 7 for x64-based Systems Service Pack 1

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems


August security bulletin list: quick-reference guide to other vulnerabilities it includes (not exhaustive):

https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug


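CVE-2021-26428|Azure Sphere information disclosure vulnerability

CVE-2021-26429|Azure Sphere elevation of privilege vulnerability

CVE-2021-26430|Azure Sphere denial of service vulnerability

CVE-2021-26433|Windows Services for NFS ONCRPC XDR Driver information disclosure vulnerability

CVE-2021-34478|Microsoft Office remote code execution vulnerability

CVE-2021-34485|.NET Core and Visual Studio information disclosure vulnerability

CVE-2021-34532|ASP.NET Core and Visual Studio information disclosure vulnerability

CVE-2021-36926|Windows Services for NFS ONCRPC XDR Driver information disclosure vulnerability

CVE-2021-36932|Windows Services for NFS ONCRPC XDR Driver information disclosure vulnerability

CVE-2021-36933|Windows Services for NFS ONCRPC XDR Driver information disclosure vulnerability

CVE-2021-36938|Windows Cryptographic Primitives Library information disclosure vulnerability

CVE-2021-36941|Microsoft Word remote code execution vulnerability

CVE-2021-36949|Microsoft Azure Active Directory Connect authentication bypass vulnerability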



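Vulnerability Description

CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver remote code execution vulnerability:

The NFS ONCRPC XDR driver contains a vulnerability that an unauthenticated attacker can exploit remotely to execute arbitrary code on the target host, which can result in the target host being controlled by the attacker.

CVE-2021-34535 Remote Desktop Client remote code execution vulnerability:

This vulnerability affects only the RDP client. An attacker who controls an RDP server can exploit it to trigger remote code execution on the client computer through the Remote Desktop client, resulting in compromise of the client machine.

CVE-2021-36936 Windows Print Spooler remote code execution vulnerability:

The Windows Print Spooler contains a remote code execution vulnerability. An attacker with low privileges can exploit it to execute arbitrary code remotely on the target host, which can result in the target host being controlled by the attacker.

CVE-2021-36942 Windows LSA spoofing vulnerability:

This vulnerability allows an attacker to call a method of the LSARPC interface to make a domain controller authenticate to another server using NTLM. Exploitation requires no user interaction.

CVE-2021-36948 Windows Update Medic Service elevation of privilege vulnerability:

Windows Update Medic contains an elevation of privilege vulnerability. An attacker needs to log on to the affected system and run a specially crafted program to elevate privileges.

CVE-2021-26424 Windows TCP/IP remote code execution vulnerability:

Windows TCP/IP contains a remote code execution vulnerability. An attacker can trigger it by sending an IPv6 ping and can then execute arbitrary code on the target system.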


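Mitigation

High risk: although the details of some of these vulnerabilities have not yet been made public, malicious attackers can identify the vulnerability trigger points by comparing patches and go on to develop exploit code. We recommend testing the security update patches promptly, installing them, and improving threat identification and vulnerability mitigation measures.


Microsoft has released patches for its supported products that fix the vulnerabilities above. Users should refer to the official announcement and download the update patches promptly.

Patch download:

https://msrc.microsoft.com/update-guide/vulnerability


Anheng Emergency Response Center

August 2021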





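This article was first published on the WeChat official account 安恒信息应急响应中心 (Anheng Information Emergency Response Center): Microsoft August Security Update Patches and Risk Notice for Multiple High-Severity Vulnerabilities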
