
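[Patch Update] Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) Advisory

Published: 2021-07-07 19:28:48. Source: Beijing Qihoo Technology Co., Ltd.; Qi An Xin Technology Group Inc.

      I. Overview

On July 6, Microsoft released the patch for the Windows Print Spooler remote code execution vulnerability, CVE ID: CVE-2021-34527. Users are advised to install the patch promptly and to carry out asset self-checks and preventive measures in order to avoid attacks.

      II. Severity

High

      III. Vulnerability Description

Print Spooler is the Windows service that manages printing-related tasks.

The vulnerability is present across a wide range of Windows versions. The Windows Print Spooler service improperly performs privileged file operations. An attacker can exploit this to run arbitrary code with SYSTEM privileges, and can then install programs; view, change, or delete data; or create new accounts with full user rights. An attack must involve an authenticated user calling RpcAddPrinterDriverEx().

Note: This vulnerability is similar to, but distinct from, another Windows Print Spooler remote code execution vulnerability (CVE-2021-1675) that Microsoft fixed in its June 2021 security updates.

      IV. Affected Versions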

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

      V. Security Recommendations

1. Microsoft has released a patch; affected users are advised to download and install it.

Download:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

2. Temporary mitigations:

1) Disable the Windows Print Spooler service

If the service is running, stop it with the following commands (in PowerShell):

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Note: Disabling the Print Spooler service disables both local and remote printing.

2) Configure via Group Policy

Computer Configuration/Administrative Templates/Printers

Disable the "Allow Print Spooler to accept client connections" policy to block remote attacks.
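To confirm on a host that either temporary mitigation above is actually in effect, the following PowerShell check can be used. It is an added example, not part of the original advisory; the function name is hypothetical, and the registry value `RegisterSpoolerRemoteRpcEndPoint` is the setting that backs the group policy (it is not given in the advisory).

```powershell
# Added example: audit the two temporary mitigations on the local machine.
function Get-SpoolerMitigationState {
    [CmdletBinding()]
    param()

    # Mitigation 1: service stopped AND startup type Disabled.
    # Win32_Service exposes StartMode (Auto / Manual / Disabled).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

    # Mitigation 2: policy "Allow Print Spooler to accept client connections".
    # Backing registry value: 2 = policy disabled, 1 = enabled, absent = not configured.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $name  = 'RegisterSpoolerRemoteRpcEndPoint'
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    $stopped    = ($null -eq $svc) -or ($svc.State -ne 'Running')
    $disabled   = ($null -eq $svc) -or ($svc.StartMode -eq 'Disabled')
    $serviceOff = $stopped -and $disabled
    $remoteOff  = ($value -eq 2)

    # A stopped service that is not Disabled comes back after a reboot,
    # so it is reported separately instead of counted as mitigated.
    $verdict = if ($serviceOff) {
        'Spooler disabled: local and remote printing are off'
    } elseif ($stopped -and -not $disabled) {
        'Spooler stopped but not Disabled: it can start again'
    } elseif ($remoteOff) {
        'Spooler running, client connections refused by policy'
    } else {
        'No temporary mitigation in place: install the patch'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceState     = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode        = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        PolicyValue      = if ($null -eq $value) { 'NotConfigured' } else { $value }
        ServiceMitigated = $serviceOff
        RemoteMitigated  = $remoteOff
        Verdict          = $verdict
    }
}

Get-SpoolerMitigationState | Format-List
```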

      VI. References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527