点击上方蓝字关注我们!
2022年5月31日,嘉诚安全监测到Microsoft官方发布了Microsoft MSDT任意代码执行漏洞的安全风险通告,漏洞编号为:CNVD-2022-42150(CVE-2022-30190)。
微软支持诊断工具(MSDT,Microsoft Support Diagnostic Tool)是一种实用程序,用于排除故障并收集诊断数据,供专业人员分析和解决问题。Microsoft Office是由微软公司开发的一款常用办公软件。
鉴于漏洞危害较大,嘉诚安全提醒相关用户尽快采取缓解措施,避免引发漏洞相关的网络安全事件。
未经身份验证的攻击者利用该漏洞,诱使用户直接访问或者预览恶意的Office文档,通过恶意Office文档中的远程模板功能,从服务器获取包含恶意代码的HTML文件并执行,从而实现以当前用户权限下的任意代码执行攻击。该漏洞已知触发需要用户对恶意Office文档进行直接访问,或者在资源管理器中通过预览选项卡对RTF格式的恶意文档进行预览。
影响版本
-
Windows Server 2012 R2 (Server Core installation)
-
Windows Server 2012 R2
-
Windows Server 2012 (Server Core installation)
-
Windows Server 2012
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Coreinstallation)
-
Windows Server 2008 R2 for x64-based Systems Service Pack 1
-
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Coreinstallation)
-
Windows Server 2008 for x64-based Systems Service Pack 2
-
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
-
Windows Server 2008 for 32-bit Systems Service Pack 2
-
Windows RT 8.1
-
Windows 8.1 for x64-based systems
-
Windows 8.1 for 32-bit systems
-
Windows 7 for x64-based Systems Service Pack 1
-
Windows 7 for 32-bit Systems Service Pack 1
-
Windows Server 2016 (Server Core installation)
-
Windows Server 2016
-
Windows 10 Version 1607 for x64-based Systems
-
Windows 10 Version 1607 for 32-bit Systems
-
Windows 10 for x64-based Systems
-
Windows 10 for 32-bit Systems
-
Windows 10 Version 21H2 for x64-based Systems
-
Windows 10 Version 21H2 for ARM64-based Systems
-
Windows 10 Version 21H2 for 32-bit Systems
-
Windows 11 for ARM64-based Systems
-
Windows 11 for x64-based Systems
-
Windows Server, version 20H2 (Server Core Installation)
-
Windows 10 Version 20H2 for ARM64-based Systems
-
Windows 10 Version 20H2 for 32-bit Systems
-
Windows 10 Version 20H2 for x64-based Systems
-
Windows Server 2022 Azure Edition Core Hotpatch
-
Windows Server 2022 (Server Core installation)
-
Windows Server 2022
-
Windows 10 Version 21H1 for 32-bit Systems
-
Windows 10 Version 21H1 for ARM64-based Systems
-
Windows 10 Version 21H1 for x64-based Systems
-
Windows Server 2019 (Server Core installation)
-
Windows Server 2019
-
Windows 10 Version 1809 for ARM64-based Systems
-
Windows 10 Version 1809 for x64-based Systems
-
Windows 10 Version 1809 for 32-bit Systems
鉴于官方暂未发布漏洞补丁,用户可通过执行以下缓解方案避免受该漏洞影响:
1.警惕下载来路不明的文档,同时关闭预览窗格。
2.如果在您的环境中使用Microsoft Defender的Attack Surface Reduction(ASR)规则,则在Block模式下激活“阻止所有Office应用程序创建子进程”规则。若您还没有使用ASR规则,可先在Audit模式下运行规则,并监视其结果,以确保不会对用户造成不利影响。
3.禁用MSDT URL协议可防止故障排除程序作为链接启动,包括整个操作系统的链接。仍然可以使用“获取帮助”应用程序和系统设置中的其他或附加故障排除程序来访问故障排除程序。
原文始发于微信公众号(嘉诚安全):【安全资讯】Microsoft MSDT任意代码执行漏洞安全风险通告
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论