【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示

admin
admin
admin
140350
文章
117
评论
2022年5月12日15:28:14评论57 views字数 6018阅读20分3秒阅读模式


【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示


0x00


5月11日,天融信阿尔法实验室监测到微软发布5月份安全更新,此次更新共修复了79个漏洞,其中CVSS评分9.8分的严重漏洞3个,高危漏洞21个,中危漏洞29个,低危漏洞26个,微软官方建议用户尽快更新至安全版本。


0x01


  • CVE-2022-29130:

Windows LDAP远程代码执行漏洞,未经身份验证的攻击者可以向易受攻击的服务器发送特殊制作的请求。成功的利用可能导致攻击者的代码在SYSTEM账户的上下文中运行。该漏洞只有在MaxReceiveBuffer LDAP策略设置为高于默认值的值时,才可以被利用。具有此策略默认值的系统将不会受到攻击。


  • CVE-2022-26937:

Windows网络文件系统远程代码执行漏洞,攻击者可以通过网络文件系统(NFS)服务进行未经身份验证的、有针对性的调用来触发远程代码执行(RCE)。


  • CVE-2022-22012:

Windows LDAP远程代码执行漏洞,未经身份验证的攻击者可以向易受攻击的服务器发送特殊制作的请求。成功的利用可能导致攻击者的代码在SYSTEM账户的上下文中运行。该漏洞只有在MaxReceiveBuffer LDAP策略设置为高于默认值的值时,才可以被利用。具有此策略默认值的系统将不会受到攻击。


0x02


  • CVE-2022-29130:

Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 for ARM64-based SystemsWindows 11 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows 10 Version 21H1 for 32-bit SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based Systems

  • CVE-2022-26937:

Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server, version 20H2 (Server Core Installation)Windows Server 2022 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2019

  • CVE-2022-22012:

Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows 7 for x64-based Systems Service Pack 1Windows 7 for 32-bit Systems Service Pack 1Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 for ARM64-based SystemsWindows 11 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows 10 Version 21H1 for 32-bit SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit Systems


0x03临时


CVE-2022-26937:

此漏洞在NFSV4.1中不可利用。在更新可以防范此漏洞的Windows版本之前,您可以通过禁用NFSV2和NFSV3来减轻攻击。这可能会对你的生产环境造成负面影响,所以只能作为暂时的缓解措施。

下面的PowerShell命令将禁用这些版本:

PS C:Set-NfsServerConfiguration -EnableNFSV2 $false -EnableNFSV3 $false

重新启动NFS服务器,以管理员身份运行cmd窗口,输入以下命令:

nfsadmin server stopnfsadmin server start

确认NFSv2和NFSv3已关闭,在Powershell窗口中运行以下命令:

PS C:Get-NfsServerConfiguration

下面是示例输出,注意EnableNFSv2和EnableNFSv3现在是“False”:

State : RunningLogActivity :CharacterTranslationFile : Not ConfiguredDirectoryCacheSize (KB) : 128HideFilesBeginningInDot : DisabledEnableNFSV2 : FalseEnableNFSV3 : FalseEnableNFSV4 : TrueEnableAuthenticationRenewal : TrueAuthenticationRenewalIntervalSec : 600NlmGracePeriodSec : 45MountProtocol : {TCP, UDP}NfsProtocol : {TCP, UDP}NisProtocol : {TCP, UDP}NlmProtocol : {TCP, UDP}NsmProtocol : {TCP, UDP}PortmapProtocol : {TCP, UDP}MapServerProtocol : {TCP, UDP}PreserveInheritance : FalseNetgroupCacheTimeoutSec : 30UnmappedUserAccount :WorldAccount : EveryoneAlwaysOpenByName : FalseGracePeriodSec : 240LeasePeriodSec : 120OnlineTimeoutSec : 180

当机器打补丁时,重新启用NFSv2/v3,输入以下命令:

Set-NfsServerConfiguration -EnableNFSV2 $True -EnableNFSV3 $True

在此之后,您将再次需要重新启动NFS服务器或重新启动机器。


0x04


微软官方发布安全更新,建议用户尽快更新至安全版本,官方链接如下:

https://msrc.microsoft.com/update-guide


0x05


使


2011

【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示
【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示



原文始发于微信公众号(天融信阿尔法实验室):【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年5月12日15:28:14
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   【风险提示】天融信关于微软5月补丁日多个产品高危漏洞风险提示https://cn-sec.com/archives/998561.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息