发布时间:2021-07-02 22:53:26,来源:北京奇虎科技有限公司
7月1日,微软发布Windows Print Spooler远程代码执行漏洞的风险公告,漏洞CVE编号:CVE-2021-34527。报告中指出该漏洞已公开,且存在在野利用,漏洞POC(概念验证代码)已公开。目前该漏洞为零日状态,微软暂未发布修复补丁,但针对该漏洞给出临时缓解方法。建议广大用户及时通过临时防护方法缓解漏洞风险,并做好资产自查以及预防工作,以免遭受黑客攻击。
高危
Print Spooler是Windows系统中用于管理打印相关事务的服务。
该漏洞广泛存在于各Windows版本中,Windows Print Spooler服务执行特权文件操作不当,攻击者可利用该漏洞以系统权限运行任意代码,然后可以安装程序,查看、修改或删除数据,或者创建拥有完全用户权限的新账户。攻击必须通过一个经过身份验证的用户调用RpcAddPrinterDriverEx()。
注:该漏洞类似但不同于微软在2021年6月安全更新中修复的另一个Windows Print Spooler远程代码执行漏洞(CVE-2021-1675)。
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
目前微软暂未修复该漏洞,建议用户通过以下临时防护方法缓解漏洞风险。
1. 禁用Windows Print Spooler服务
2. 通过组策略禁用入站远程打印
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527