微软4月安全更新补丁和多个高危漏洞风险提示

2022年4月13日22:22:00评论508 views字数 18540阅读61分48秒阅读模式

漏洞公告

微软官方发布了4月安全更新公告，包含了微软家族多个软件的安全更新补丁，包括：Microsoft Windows、Microsoft Office、.NET Framework、Hyper-V等多个CVE安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。相关链接参考：

https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr

根据公告，此次更新中修复的Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2022-24481、CVE-2022-24521)、Windows 网络文件系统远程代码执行漏洞(CVE-2022-24491、CVE-2022-24497)、远程过程调用运行时远程代码执行漏洞(CVE-2022-26809)、Windows 用户配置文件服务特权提升漏洞(CVE-2022-26904)风险较大，建议尽快安装安全更新补丁或采取临时缓解措施加固系统。相关链接参考：

https://msrc.microsoft.com/update-guide/vulnerability/

一

影响范围

Windows 通用日志文件系统驱动程序特权提升漏洞（CVE-2022-24481）：

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 通用日志文件系统驱动程序特权提升漏洞（CVE-2022-24521）：

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 网络文件系统远程代码执行漏洞（CVE-2022-24491）：

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 网络文件系统远程代码执行漏洞（CVE-2022-24497）：

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows远程过程调用运行时远程代码执行漏洞（CVE-2022-26809）：

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows 11 for ARM64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 11 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 用户配置文件服务特权提升漏洞（CVE-2022-26904）：

Windows Server 2012 R2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

4月安全公告列表，包含的其他漏洞快速阅读指引（非全部）：

https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr

CVE-2022-26832|.NET Framework 拒绝服务漏洞

CVE-2022-26814|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26817|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26907|Azure SDK for .NET 信息泄露漏洞

CVE-2022-26898|Azure Site Recovery 远程代码执行漏洞

CVE-2022-26897|Azure Site Recovery 特权提升漏洞

CVE-2022-26896|Azure Site Recovery 特权提升漏洞

CVE-2022-26831|Windows LDAP 拒绝服务漏洞

CVE-2022-26919|Windows LDAP 远程代码执行漏洞

CVE-2022-26828|Windows 蓝牙驱动程序特权提升漏洞

CVE-2022-23259|Microsoft Dynamics 365 (on-premises) 远程代码执行漏洞

CVE-2022-24523|Microsoft Edge（基于 Chromium）欺骗漏洞

CVE-2022-24475|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26900|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26912|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26909|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26908|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26895|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26894|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26891|Microsoft Edge（基于 Chromium）特权提升漏洞

CVE-2022-26903|Windows 图形组件远程代码执行漏洞

CVE-2022-26920|Windows 图形组件信息泄露漏洞

CVE-2022-24493|Microsoft 本地安全机构 (LSA) 服务器信息泄露漏洞

CVE-2022-26901|Microsoft Excel 远程代码执行漏洞

CVE-2022-24473|Microsoft Excel 远程代码执行漏洞

CVE-2022-24472|Microsoft SharePoint Server 欺骗漏洞

CVE-2022-24482|Windows ALPC 特权提升漏洞

CVE-2022-24540|Windows ALPC 特权提升漏洞

CVE-2022-24532|HEVC 视频扩展远程代码执行漏洞

CVE-2022-24495|Windows Direct Show - 远程代码执行漏洞

CVE-2022-23292|Microsoft Power BI 欺骗漏洞

CVE-2022-26829|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26826|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26825|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26824|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26823|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26822|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26821|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26820|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26812|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26813|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26811|Windows DNS 服务器远程执行代码漏洞

CVE-2022-24536|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26818|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26815|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26819|Windows DNS 服务器远程执行代码漏洞

CVE-2022-26816|Windows DNS 服务器信息泄露漏洞

CVE-2022-24537|Windows Hyper-V 远程执行代码漏洞

CVE-2022-24490|Windows Hyper-V 共享虚拟硬盘信息泄露漏洞

CVE-2022-24539|Windows Hyper-V 共享虚拟硬盘信息泄露漏洞

CVE-2022-26783|Windows Hyper-V 共享虚拟硬盘信息泄露漏洞

CVE-2022-26785|Windows Hyper-V 共享虚拟硬盘信息泄露漏洞

CVE-2022-22008|Windows Hyper-V 远程执行代码漏洞

CVE-2022-22009|Windows Hyper-V 远程执行代码漏洞

CVE-2022-23257|Windows Hyper-V 远程执行代码漏洞

CVE-2022-23268|Windows Hyper-V 拒绝服务漏洞

CVE-2022-26911|Skype for Business 信息泄露漏洞

CVE-2022-26910|Skype for Business 和 Lync 欺骗漏洞

CVE-2022-24767|GitHub：Git for Windows 的卸载程序在 SYSTEM 用户帐户下运行时容易受到 DLL 劫持

CVE-2022-24513|Visual Studio 特权提升漏洞

CVE-2022-24765|GitHub：在 Git for Windows 中不受控制地搜索 Git 目录

CVE-2022-26921|Visual Studio Code 特权提升漏洞

CVE-2022-24494|WinSock 特权提升漏洞的 Windows 辅助功能驱动程序

CVE-2022-24488|Windows 桌面桥特权提升漏洞

CVE-2022-24549|Windows AppX 包管理器特权提升漏洞

CVE-2022-24489|集群客户端故障转移 (CCF) 特权提升漏洞

CVE-2022-24484|Windows 群集共享卷 (CSV) 拒绝服务漏洞

CVE-2022-24538|Windows 群集共享卷 (CSV) 拒绝服务漏洞

CVE-2022-26784|Windows 群集共享卷 (CSV) 拒绝服务漏洞

CVE-2022-24481|Windows 通用日志文件系统驱动程序特权提升漏洞

CVE-2022-24521|Windows 通用日志文件系统驱动程序特权提升漏洞

CVE-2022-24548|Microsoft Defender 拒绝服务漏洞

CVE-2022-24546|Windows DWM 核心库特权提升漏洞

CVE-2022-24527|Windows Endpoint Configuration Manager 特权提升漏洞

CVE-2022-26918|Windows Fax Compose Form远程执行代码漏洞

CVE-2022-26916|Windows Fax Compose Form远程执行代码漏洞

CVE-2022-26917|Windows Fax Compose Form远程执行代码漏洞

CVE-2022-24479|连接用户体验和遥测特权提升漏洞

CVE-2022-26808|Windows 文件资源管理器特权提升漏洞

CVE-2022-26827|Windows 文件服务器资源管理服务特权提升漏洞

CVE-2022-26810|Windows 文件服务器资源管理服务特权提升漏洞

CVE-2022-24499|Windows Installer 特权提升漏洞

CVE-2022-24530|Windows Installer 特权提升漏洞

CVE-2022-24498|Windows iSCSI 目标服务信息泄露漏洞

CVE-2022-24486|Windows Kerberos 特权提升漏洞

CVE-2022-24545|Windows Kerberos 远程代码执行漏洞

CVE-2022-24544|Windows Kerberos 特权提升漏洞

CVE-2022-24483|Windows 内核信息泄露漏洞

CVE-2022-24496|本地安全机构 (LSA) 特权提升漏洞

CVE-2022-24487|Windows 本地安全机构 (LSA) 远程代码执行漏洞

CVE-2022-24547|Windows 数字媒体接收器特权提升漏洞

CVE-2022-24497|Windows 网络文件系统远程代码执行漏洞

CVE-2022-24491|Windows 网络文件系统远程代码执行漏洞

CVE-2022-26788|PowerShell 特权提升漏洞

CVE-2022-26786|Windows 后台打印程序特权提升漏洞

CVE-2022-26787|Windows 后台打印程序特权提升漏洞

CVE-2022-26789|Windows 后台打印程序特权提升漏洞

CVE-2022-26803|Windows 后台打印程序特权提升漏洞

CVE-2022-26802|Windows 后台打印程序特权提升漏洞

CVE-2022-26801|Windows 后台打印程序特权提升漏洞

CVE-2022-26798|Windows 后台打印程序特权提升漏洞

CVE-2022-26790|Windows 后台打印程序特权提升漏洞

CVE-2022-26791|Windows 后台打印程序特权提升漏洞

CVE-2022-26797|Windows 后台打印程序特权提升漏洞

CVE-2022-26796|Windows 后台打印程序特权提升漏洞

CVE-2022-26792|Windows 后台打印程序特权提升漏洞

CVE-2022-26795|Windows 后台打印程序特权提升漏洞

CVE-2022-26794|Windows 后台打印程序特权提升漏洞

CVE-2022-26793|Windows 后台打印程序特权提升漏洞

CVE-2022-24533|远程桌面协议远程代码执行漏洞

CVE-2022-24528|远程过程调用运行时远程代码执行漏洞

CVE-2022-26809|远程过程调用运行时远程代码执行漏洞

CVE-2022-24492|远程过程调用运行时远程代码执行漏洞

CVE-2022-26915|Windows 安全通道拒绝服务漏洞

CVE-2022-24485|Win32文件枚举远程代码执行漏洞

CVE-2022-26830|DiskUsage.exe 远程执行代码漏洞

CVE-2022-24534|Win32流枚举远程代码执行漏洞

CVE-2022-24541|Windows Server 服务远程代码执行漏洞

CVE-2022-24500|Windows SMB 远程代码执行漏洞

CVE-2022-21983|Win32流枚举远程代码执行漏洞

CVE-2022-24550|Windows Telephony Server 特权提升漏洞

CVE-2022-24543|Windows 升级助手远程代码执行漏洞

CVE-2022-26904|Windows 用户配置文件服务特权提升漏洞

CVE-2022-24474|Windows Win32k 特权提升漏洞

CVE-2022-24542|Windows Win32k 特权提升漏洞

CVE-2022-26914|Win32k 特权提升漏洞

CVE-2022-26807|Windows 工作文件夹服务特权提升漏洞

CVE-2022-26924|YARP 拒绝服务漏洞

二

漏洞描述

Windows 通用日志文件系统驱动程序特权提升漏洞(CVE-2022-24481、CVE-2022-24521)

细节是否公开	POC状态	EXP状态	在野利用
否	未知	未知	是（CVE-2022-24521）

该漏洞影响所有开启通用日志文件系统的Windows操作系统，攻击者可以通过精心构造的可执行程序文件或blf文件攻击受影响的Windows计算机，从而导致本地权限提升。

Windows 网络文件系统远程代码执行漏洞(CVE-2022-24491、CVE-2022-24497)

细节是否公开	POC状态	EXP状态	在野利用
否	未知	未知	未知

该漏洞仅影响启用了NFS角色的系统，攻击者可以通过精心构造的恶意NFS流量攻击受影响的Windows计算机，从而导致远程代码执行。

远程过程调用运行时远程代码执行漏洞(CVE-2022-26809)

细节是否公开	POC状态	EXP状态	在野利用
否	未知	未知	未知

攻击者向目标RPC主机发送精心构造的RPC请求，可触发次漏洞，从而实现远程代码执行。

Windows 用户配置文件服务特权提升漏洞(CVE-2022-26904)

细节是否公开	POC状态	EXP状态	在野利用
否	未知	未知	未知

该漏洞影响所有开启用户配置文件服务的Windows操作系统，攻击者可以通过特定操作攻击受影响的Windows计算机，从而导致本地权限提升。

三

缓解措施

高危：目前漏洞细节虽未公开，但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点，并进一步开发漏洞利用代码，Microsoft已发布相关安全更新，鉴于漏洞的严重性，建议受影响的用户尽快修复。安恒信息将在产品的例行更新中加入相关攻击检测和防护能力。

（一）Windows 更新：

自动更新：

Microsoft Update默认启用，当系统检测到可用更新时，将会自动下载更新并在下一次启动时安装。

手动更新：

1、点击“开始菜单”或按Windows快捷键，点击进入“设置”;

2、选择“更新和安全”，进入“Windows更新”(Windows 8、Windows 8.1、Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入“Windows更新”，具体步骤为“控制面板”->“系统和安全”->“Windows更新”);

3、选择“检查更新”，等待系统将自动检查并下载可用更新;

4、重启计算机，安装更新系统重新启动后，可通过进入“Windows更新”->“查看更新历史记录”查看是否成功安装了更新。

（二）目前微软针对支持的产品已发布升级补丁修复了上述漏洞，请用户参考官方通告及时下载更新补丁。

补丁获取：

https://msrc.microsoft.com/update-guide/vulnerability

远程过程调用运行时远程代码执行漏洞(CVE-2022-26809)临时缓解措施：

1、在防火墙中配置访问控制策略，限制不可信的地址对存在风险系统的445端口访问；

2、可参考Microsoft guidelines保护SMB流量：

https://docs.microsoft.com/zh-cn/windows-server/storage/file-server/smb-secure-traffic

安恒信息CERT

2022年4月

原文始发于微信公众号（安恒信息CERT）：微软4月安全更新补丁和多个高危漏洞风险提示

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

微软4月安全更新补丁和多个高危漏洞风险提示

Fortinet FortiSwitch 任意密码重置 CVE-2024-48887

DataEase H2 JDBC远程代码执行漏洞CVE-2025-32966

金盘移动图书馆系统信息泄露漏洞

Netgear信息泄露漏洞

JeeWMS cgAutoListController.do SQL注入漏洞

泛微E-Cology9前台SQL注入漏洞

OpenSourceMatters Joomla 未授权SQL注入漏洞

某代理商管理系统存在RCE漏洞

OFCMS 1.1.2 存在任意文件写入漏洞

JeeWMS iconController.do 任意文件上传漏洞

发表评论

在线咨询

微信