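Published: 2021-07-07 19:28:48. Source: Beijing Qihoo Technology Co., Ltd. (北京奇虎科技有限公司) and Qi An Xin Technology Group Inc. (奇安信科技集团股份有限公司)
On July 6, Microsoft released a patch for the Windows Print Spooler remote code execution vulnerability, CVE ID: CVE-2021-34527. Users are advised to install the patch promptly and to carry out asset self-checks and preventive measures to avoid being attacked.
High risk
Print Spooler is the Windows service that manages print-related tasks.
The vulnerability is present across Windows versions. The Windows Print Spooler service improperly performs privileged file operations, and an attacker who exploits this can run arbitrary code with SYSTEM privileges, and can then install programs; view, change, or delete data; or create new accounts with full user rights. The attack must involve an authenticated user calling RpcAddPrinterDriverEx().
Note: this vulnerability is similar to, but distinct from, another Windows Print Spooler remote code execution vulnerability (CVE-2021-1675) that Microsoft fixed in its June 2021 security update.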
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
1. Microsoft has released a patch; affected users are advised to download and install it.
Download:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
2. Temporary mitigations:
1) Disable the Windows Print Spooler service
If the service is running, stop and disable it with the following commands (in PowerShell):
Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled
Note: disabling the Print Spooler service disables both local and remote printing.
2) Configure via Group Policy
Computer Configuration/Administrative Templates/Printers
Disable the "Allow Print Spooler to accept client connections" policy to block remote attacks.
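To confirm on a given host that one of the two temporary mitigations above is actually in effect, a read-only check such as the following can be run. This is an added example, not part of the original advisory; the function name Get-SpoolerMitigationStatus is hypothetical, and the registry value RegisterSpoolerRemoteRpcEndPoint (1 = enabled, 2 = disabled) is the location where the Group Policy setting is stored, which the advisory itself does not list.

```powershell
# Added example: read-only audit of the two temporary mitigations. Changes nothing.
function Get-SpoolerMitigationStatus {
    [CmdletBinding()]
    param()

    # Assumption (not in the advisory): the "Allow Print Spooler to accept
    # client connections" policy is stored here; 2 means the policy is disabled.
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $policyName = 'RegisterSpoolerRemoteRpcEndPoint'

    # Mitigation 1: Spooler service stopped AND startup type Disabled.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        # Service not present at all: nothing to exploit through it.
        $state = 'NotInstalled'; $startMode = 'N/A'; $serviceOff = $true
    } else {
        # Win32_Service.StartMode is available on all PowerShell 3+ hosts.
        $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
        $state      = [string]$svc.Status
        $startMode  = [string]$cim.StartMode
        $serviceOff = ($state -eq 'Stopped' -and $startMode -eq 'Disabled')
    }

    # Mitigation 2: policy disabled, so the spooler refuses remote client connections.
    $policyValue = $null
    $prop = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $policyValue = $prop.$policyName }
    $remoteBlocked = ($policyValue -eq 2)

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        SpoolerState         = $state
        SpoolerStartMode     = $startMode
        ServiceDisabled      = $serviceOff      # mitigation 1 in effect
        PolicyValue          = $policyValue     # $null means "not configured"
        RemoteClientsBlocked = $remoteBlocked   # mitigation 2 in effect
        # Mitigation 2 only blocks the remote vector; mitigation 1 covers both.
        RemoteVectorCovered  = ($serviceOff -or $remoteBlocked)
    }
}

Get-SpoolerMitigationStatus | Format-List
```

A host that reports RemoteVectorCovered as False has neither temporary mitigation applied and depends entirely on the patch from item 1.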
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527