本月微软官方发布安全补丁更新,修复了一处存在于 WindowsPrint Spooler的远程命令执行漏洞,CVE编号为CVE-2021-1675,攻击者可以绕过安全检查并写入恶意驱动程序。6月29日,该漏洞PoC被公开,火绒已在6月9日/10日对个人版/企业版进行了补丁推送。鉴于该漏洞有被利用的可能,我们建议用户尽快使用火绒漏洞修复功能更新补丁。
(注:6月已进行过漏洞修复的用户无需再次修复)
漏洞详情
Windows Print Spooler远程代码执行漏洞 CVE-2021-1675
严重级别:高危 CVSS:7.8
被利用级别:有可能被利用
Print Spooler 是 Windows打印后台处理服务,在Windows平台使用打印机的必要服务。攻击者可绕过 RpcAddPrinterDriver 的身份验证,在打印服务器中安装恶意驱动程序。Windows域环境中普通帐户就能利用此漏洞。
影响范围
Windows 10 Version 1809 for32-bit Systems
Windows Server 2012 R2 (ServerCore installation)
Windows Server 2012 R2
Windows Server 2012 (ServerCore installation)
Windows Server 2012
Windows Server 2008 R2 forx64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 forx64-based Systems Service Pack 1
Windows Server 2008 forx64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 forx64-based Systems Service Pack 2
Windows Server 2008 for 32-bitSystems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bitSystems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-basedsystems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based SystemsService Pack 1
Windows 7 for 32-bit SystemsService Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 forx64-based Systems
Windows 10 Version 1607 for32-bit Systems
Windows 10 for x64-basedSystems
Windows 10 for 32-bit Systems
Windows Server, version 20H2(Server Core Installation)
Windows 10 Version 20H2 forARM64-based Systems
Windows 10 Version 20H2 for32-bit Systems
Windows 10 Version 20H2 forx64-based Systems
Windows Server, version 2004(Server Core installation)
Windows 10 Version 2004 forx64-based Systems
Windows 10 Version 2004 forARM64-based Systems
Windows 10 Version 2004 for32-bit Systems
Windows 10 Version 21H1 for32-bit Systems
Windows 10 Version 21H1 forARM64-based Systems
Windows 10 Version 21H1 forx64-based Systems
Windows 10 Version 1909 forARM64-based Systems
Windows 10 Version 1909 forx64-based Systems
Windows 10 Version 1909 for32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 forARM64-based Systems
Windows 10 Version 1809 forx64-based Systems
修复建议
1、通过火绒个人版/企业版【漏洞修复】功能修复漏洞。
2、下载微软官方提供的补丁
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675
扫码二维码
火绒企业安全
点下给小编加点料
特别声明:以上内容(如有图片或视频亦包括在内)为自媒体平台“网易号”用户上传并发布,本平台仅提供信息存储服务。
Notice: The content above (including the pictures and videos if any) is uploaded and posted by a user of NetEase Hao, which is a social media platform and only provides information storage services.