0x00背景介绍
5月11日,天融信阿尔法实验室监测到微软发布5月份安全更新,此次更新共修复了79个漏洞,其中CVSS评分9.8分的严重漏洞3个,高危漏洞21个,中危漏洞29个,低危漏洞26个,微软官方建议用户尽快更新至安全版本。
0x01重点漏洞描述
-
CVE-2022-29130:
Windows LDAP远程代码执行漏洞,未经身份验证的攻击者可以向易受攻击的服务器发送特殊制作的请求。成功的利用可能导致攻击者的代码在SYSTEM账户的上下文中运行。该漏洞只有在MaxReceiveBuffer LDAP策略设置为高于默认值的值时,才可以被利用。具有此策略默认值的系统将不会受到攻击。
-
CVE-2022-26937:
Windows网络文件系统远程代码执行漏洞,攻击者可以通过网络文件系统(NFS)服务进行未经身份验证的、有针对性的调用来触发远程代码执行(RCE)。
-
CVE-2022-22012:
Windows LDAP远程代码执行漏洞,未经身份验证的攻击者可以向易受攻击的服务器发送特殊制作的请求。成功的利用可能导致攻击者的代码在SYSTEM账户的上下文中运行。该漏洞只有在MaxReceiveBuffer LDAP策略设置为高于默认值的值时,才可以被利用。具有此策略默认值的系统将不会受到攻击。
0x02受影响版本
-
CVE-2022-29130:
Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 for ARM64-based SystemsWindows 11 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows 10 Version 21H1 for 32-bit SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based Systems
-
CVE-2022-26937:
Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server, version 20H2 (Server Core Installation)Windows Server 2022 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2019
-
CVE-2022-22012:
Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 for ARM64-based SystemsWindows 11 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows 10 Version 21H1 for 32-bit SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit Systems
0x03临时修复建议
CVE-2022-26937:
此漏洞在NFSV4.1中不可利用。在更新可以防范此漏洞的Windows版本之前,您可以通过禁用NFSV2和NFSV3来减轻攻击。这可能会对你的生产环境造成负面影响,所以只能作为暂时的缓解措施。
下面的PowerShell命令将禁用这些版本:
PS C:Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false重新启动NFS服务器,以管理员身份运行cmd窗口,输入以下命令:
nfsadmin server stopnfsadmin server start
确认NFSv2和NFSv3已关闭,在Powershell窗口中运行以下命令:
PS C:Get-NfsServerConfiguration下面是示例输出,注意EnableNFSv2和EnableNFSv3现在是“False”:
State : RunningLogActivity :CharacterTranslationFile : Not ConfiguredDirectoryCacheSize (KB) : 128HideFilesBeginningInDot : DisabledEnableNFSV2 : FalseEnableNFSV3 : FalseEnableNFSV4 : TrueEnableAuthenticationRenewal : TrueAuthenticationRenewalIntervalSec : 600NlmGracePeriodSec : 45MountProtocol : {TCP, UDP}NfsProtocol : {TCP, UDP}NisProtocol : {TCP, UDP}NlmProtocol : {TCP, UDP}NsmProtocol : {TCP, UDP}PortmapProtocol : {TCP, UDP}MapServerProtocol : {TCP, UDP}PreserveInheritance : FalseNetgroupCacheTimeoutSec : 30UnmappedUserAccount :WorldAccount : EveryoneAlwaysOpenByName : FalseGracePeriodSec : 240LeasePeriodSec : 120OnlineTimeoutSec : 180
当机器打补丁时,重新启用NFSv2/v3,输入以下命令:
Set-NfsServerConfiguration -EnableNFSV2 $True -EnableNFSV3 $True在此之后,您将再次需要重新启动NFS服务器或重新启动机器。
0x04修复建议
微软官方已发布安全更新,建议用户尽快更新至安全版本,官方链接如下:
https://msrc.microsoft.com/update-guide
0x05声明
天融信阿尔法实验室拥有对此公告的修改和解释权,如欲转载,必须保证此公告的完整性。由于传播、利用此公告而造成的任何后果,均由使用者本人负责,天融信阿尔法实验室不为此承担任何责任。
天融信阿尔法实验室成立于2011年,一直以来,阿尔法实验室秉承“攻防一体”的理念,汇聚众多专业技术研究人员,从事攻防技术研究,在安全领域前瞻性技术研究方向上不断前行。作为天融信的安全产品和服务支撑团队,阿尔法实验室精湛的专业技术水平、丰富的排异经验,为天融信产品的研发和升级、承担国家重大安全项目和客户服务提供强有力的技术支撑。
天融信
阿尔法实验室
长按二维码关注我们
原文始发于微信公众号(天融信阿尔法实验室):【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论