
Advisory: Windows Print Spooler Remote Code Execution Zero-Day Vulnerability (CVE-2021-34527)

Published: 2021-07-02 22:53:26. Source: Beijing Qihoo Technology Co., Ltd.

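I. Overview

On July 1, Microsoft published a security advisory for a Windows Print Spooler remote code execution vulnerability, tracked as CVE-2021-34527. The advisory states that the vulnerability has been publicly disclosed, that it is being exploited in the wild, and that proof-of-concept (PoC) code is public. The vulnerability is currently a zero-day: Microsoft has not yet released a patch, but has provided temporary mitigations. Users are advised to apply the temporary mitigations promptly to reduce the risk, and to audit their assets and take preventive measures to avoid being attacked.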

II. Severity

High

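III. Vulnerability Description

Print Spooler is the Windows service that manages printing-related tasks.

The vulnerability is present across Windows versions. The Windows Print Spooler service improperly performs privileged file operations, and an attacker who exploits the vulnerability can run arbitrary code with SYSTEM privileges, and can then install programs; view, change, or delete data; or create new accounts with full user rights. The attack must involve an authenticated user calling RpcAddPrinterDriverEx().

Note: this vulnerability is similar to, but distinct from, another Windows Print Spooler remote code execution vulnerability (CVE-2021-1675) that Microsoft fixed in its June 2021 security updates.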

IV. Affected Versions

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

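V. Security Recommendations

Microsoft has not yet fixed this vulnerability. Users are advised to reduce the risk with the following temporary workarounds.

1. Disable the Windows Print Spooler service

2. Disable inbound remote printing through Group Policy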
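
The following PowerShell script is an added example, not part of the original advisory: it reports whether a host has either workaround in place and, when asked, applies it. It assumes the "Allow Print Spooler to accept client connections" policy is stored as the `RegisterSpoolerRemoteRpcEndPoint` value (2 = disabled) under the Printers policy key; the function name and switch names are hypothetical.

```powershell
# Added example: audit / apply the two temporary workarounds for CVE-2021-34527.
# Run elevated. Use -WhatIf to preview changes.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$DisableSpooler,       # workaround 1: stop and disable the service
    [switch]$BlockRemotePrinting   # workaround 2: refuse inbound remote printing
)

# Assumption: local registry location of the Group Policy setting
# "Allow Print Spooler to accept client connections" (1 = enabled, 2 = disabled).
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$policyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $val = (Get-ItemProperty -Path $policyKey -Name $policyName `
                -ErrorAction SilentlyContinue).$policyName
    $disabled = $svc -and $svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled'
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        SpoolerStatus       = if ($svc) { $svc.Status } else { 'NotInstalled' }
        SpoolerStartType    = if ($svc) { $svc.StartType } else { $null }
        RemotePrintBlocked  = ($val -eq 2)
        WorkaroundInPlace   = (-not $svc) -or $disabled -or ($val -eq 2)
    }
}

if ($DisableSpooler -and $PSCmdlet.ShouldProcess('Spooler', 'Stop and disable service')) {
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

if ($BlockRemotePrinting -and $PSCmdlet.ShouldProcess($policyKey, "Set $policyName = 2")) {
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name $policyName -Value 2 -Type DWord
    # The policy is read at service start, so restart a running spooler.
    if ((Get-Service -Name Spooler).Status -eq 'Running') {
        Restart-Service -Name Spooler -Force
    }
}

# Always finish with the current state so the result can be collected centrally.
Get-SpoolerExposure
```

On domain-joined hosts, set the policy in a GPO rather than in the local registry, because a domain policy refresh overwrites the local value. Disabling the service stops all printing on the host, while the policy setting only stops the host from accepting inbound print connections.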

VI. References

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527