通告编号:NS-2022-0031
| TAG: | 安全更新、.NET Framework、Microsoft Bluetooth Driver、Microsoft Office |
| 漏洞危害: | |
| 版本: | 1.0 |
漏洞概述
12月14日,绿盟科技CERT监测到微软发布12月安全更新补丁,修复了48个安全问题,涉及.NET Framework、Microsoft Bluetooth Driver、Microsoft Office等广泛使用的产品,其中包括权限提升、远程代码执行等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有6个,重要(Important)漏洞有42个,其中包括2个0day漏洞:
Windows SmartScreen 安全特征绕过漏洞(CVE-2022-44698)
DirectX Graphics Kernel 权限提升漏洞(CVE-2022-44710)
请相关用户尽快更新补丁进行防护,完整漏洞列表请参考附录。
绿盟远程安全评估系统(RSAS)已具备微软此次补丁更新中大部分漏洞的检测能力(包括CVE-2022-41076、CVE-2022-44690、CVE-2022-44683、CVE-2022-47212、CVE-2022-44675等高危漏洞),请相关用户关注绿盟远程安全评估系统插件升级包的更新,及时升级至V6.0R02F01.2909,官网链接:http://update.nsfocus.com/update/listRsasDetail/v/vulsys
参考链接:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
SEE MORE →
2重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Microsoft Dynamics NAV 和 Microsoft Dynamics 365 Business Central(本地)远程代码执行漏洞(CVE-2022-41127):
Microsoft Dynamics NAV 和 Microsoft Dynamics 365 Business Central存在远程代码执行漏洞。当Dynamics NAV 打开可用于连接 WCF TCP 协议的端口,经过身份验证的攻击者可以通过网络调用在服务器帐户的上下文中执行任意代码。CVSS评分为8.5。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127
Microsoft SharePoint Server远程代码执行漏洞(CVE-2022-44690/CVE-2022-44693):
Microsoft SharePoint服务器存在远程代码执行漏洞,经过身份验证且具有ManageList 权限的攻击者通过该漏洞获得创建站点的访问权限,最终可实现在目标服务器上执行任意代码,CVSS评分为8.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690
PowerShell 远程代码执行漏洞(CVE-2022-41076):
Windows PowerShell中存在远程代码执行漏洞,具有低权限的攻击者通过利用该漏洞跳出 PowerShell 远程会话配置并在目标系统上运行未经审核的命令,且无需用户交互。目前已监测到该漏洞存在在野利用,CVSS评分为8.5。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076
Windows 安全套接字隧道协议(SSTP)远程代码执行漏洞(CVE-2022-44670/CVE-2022-44676):
Windows 安全套接字隧道协议 (SSTP) 存在远程代码执行漏洞。由于Windows安全套接字隧道协议 (SSTP) 的安全限制存在缺陷,在特定的配置环境中,无需身份验证的远程攻击者通过向RAS服务器发送特制的请求,最终导致在目标服务器上任意执行代码,且无需用户交互。CVSS评分为8.1。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44670
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44676
Windows Kernel权限提升漏洞(CVE-2022-44683):
Windows Kernel中存在权限提升漏洞,由于Windows Kernel未实行正确的安全限制,具有低权限的本地攻击者通过利用该漏洞绕过安全限制,从而在目标系统上提升至SYSTEM权限并执行任意代码,且无需用户交互。CVSS评分为7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44683
Microsoft Graphics Component远程执行代码漏洞(CVE-2022-47212/CVE-2022-26806/CVE-2022-47211)
Microsoft Graphics Component存在远程代码执行漏洞,攻击者可通过制作恶意的文件,当成功诱导用户在受影响的系统上下载并打开恶意文件后,无需身份验证的本地攻击者可利用该漏洞在目标系统上以用户权限执行任意代码。CVSS评分为7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47212
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-47211
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26806
Windows Bluetooth 驱动程序权限提升漏洞(CVE-2022-44675)
Windows Bluetooth 驱动程序中存在权限提升漏洞,拥有低权限的远程攻击者通过利用该漏洞可以获得系统特权,且无需用户交互。CVSS评分为7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44675
Microsoft Windows Sysmon 权限提升漏洞(CVE-2022-44704)
Microsoft Windows Sysmon中存在权限提升漏洞,通过本地身份验证的攻击者可以操纵 Sysinternals 服务上的信息,以实现从本地用户权限提升为系统管理员权限,且无需用户交互。CVSS评分为7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44704
3影响范围
以下为部分重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
漏洞编号 | 受影响产品版本 |
CVE-2022-41127 | Microsoft Dynamics 365 Business Central 2021 Release Wave 1 Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Microsoft Dynamics 365 Business Central 2021 Release Wave 2 Microsoft Dynamics 365 Business Central 2022 Release Wave 1 Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Microsoft Dynamics 365 Business Central 2020 Release Wave 2 Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) Dynamics 365 Business Central Spring 2019 Update Microsoft Dynamics NAV 2018 Microsoft Dynamics NAV 2017 Microsoft Dynamics NAV 2016 |
CVE-2022-44690 CVE-2022-44693 | Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 |
CVE-2022-41076 | Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems PowerShell 7.2 PowerShell 7.3 |
CVE-2022-44670 CVE-2022-44676 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2022-44683 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2022-44675 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 Datacenter: Azure Edition Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
4漏洞防护
4.1 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
影响产品 | CVE编号 | 漏洞标题 | 严重程度 |
Microsoft Dynamics | CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2022-44690 | Microsoft SharePoint Server 远程代码执行漏洞 | Critical |
Microsoft Office SharePoint | CVE-2022-44693 | Microsoft SharePoint Server 远程代码执行漏洞 | Critical |
Windows PowerShell | CVE-2022-41076 | PowerShell 远程代码执行漏洞 | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-44670 | Windows Secure Socket Tunneling Protocol (SSTP) 远程代码执行漏洞 | Critical |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) 远程代码执行漏洞 | Critical |
.NET Framework | CVE-2022-41089 | .NET Framework 远程代码执行漏洞 | Important |
Azure | CVE-2022-44699 | Azure Network Watcher Agent 安全特征绕过漏洞 | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2022-44673 | Windows Client Server Run-Time Subsystem (CSRSS) 安全特征绕过漏洞 | Important |
Microsoft Bluetooth Driver | CVE-2022-44675 | Windows Bluetooth Driver 权限提升漏洞 | Important |
Microsoft Bluetooth Driver | CVE-2022-44674 | Windows Bluetooth Driver 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2022-26805 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2022-26804 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2022-47213 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2022-41121 | Windows Graphics Component 权限提升漏洞 | Important |
Microsoft Graphics Component | CVE-2022-44671 | Windows Graphics Component 权限提升漏洞 | Important |
Microsoft Graphics Component | CVE-2022-47212 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2022-26806 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2022-47211 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Graphics Component | CVE-2022-41074 | Windows Graphics Component 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2022-44679 | Windows Graphics Component 信息泄露漏洞 | Important |
Microsoft Graphics Component | CVE-2022-44680 | Windows Graphics Component 权限提升漏洞 | Important |
Microsoft Office | CVE-2022-44692 | Microsoft Office Graphics 远程代码执行漏洞 | Important |
Microsoft Office OneNote | CVE-2022-44691 | Microsoft Office OneNote 远程代码执行漏洞 | Important |
Microsoft Office Outlook | CVE-2022-24480 | Outlook for Android 权限提升漏洞 | Important |
Microsoft Office Outlook | CVE-2022-44713 | Microsoft Outlook for Mac 欺骗漏洞 | Important |
Microsoft Office Visio | CVE-2022-44696 | Microsoft Office Visio 远程代码执行漏洞 | Important |
Microsoft Office Visio | CVE-2022-44695 | Microsoft Office Visio 远程代码执行漏洞 | Important |
Microsoft Office Visio | CVE-2022-44694 | Microsoft Office Visio 远程代码执行漏洞 | Important |
Microsoft Windows Codecs Library | CVE-2022-44668 | Windows Media 远程代码执行漏洞 | Important |
Microsoft Windows Codecs Library | CVE-2022-44667 | Windows Media 远程代码执行漏洞 | Important |
Microsoft Windows Codecs Library | CVE-2022-44687 | Raw Image Extension 远程代码执行漏洞 | Important |
Role: Windows Hyper-V | CVE-2022-41094 | Windows Hyper-V 权限提升漏洞 | Important |
Role: Windows Hyper-V | CVE-2022-44682 | Windows Hyper-V 拒绝服务漏洞 | Important |
SysInternals | CVE-2022-44704 | Microsoft Windows Sysmon 权限提升漏洞 | Important |
Windows Contacts | CVE-2022-44666 | Windows Contacts远程代码执行漏洞 | Important |
Windows DirectX | CVE-2022-44710 | DirectX Graphics Kernel 权限提升漏洞 | Important |
Windows Error Reporting | CVE-2022-44669 | Windows Error Reporting 权限提升漏洞 | Important |
Windows Fax Compose Form | CVE-2022-41077 | Windows Fax Compose Form 权限提升漏洞 | Important |
Windows HTTP Print Provider | CVE-2022-44678 | Windows Print Spooler 权限提升漏洞 | Important |
Windows Kernel | CVE-2022-44707 | Windows Kernel 拒绝服务漏洞 | Important |
Windows Kernel | CVE-2022-44683 | Windows Kernel 权限提升漏洞 | Important |
Windows Print Spooler Components | CVE-2022-44681 | Windows Print Spooler 权限提升漏洞 | Important |
Windows Projected File System | CVE-2022-44677 | Windows Projected File System 权限提升漏洞 | Important |
Windows Subsystem for Linux | CVE-2022-44689 | Windows Subsystem for Linux (WSL2) Kernel 权限提升漏洞 | Important |
Windows Terminal | CVE-2022-44702 | Windows Terminal 远程代码执行漏洞 | Important |
Windows SmartScreen | CVE-2022-44698 | Windows SmartScreen 安全功能绕过漏洞 | Important |
Microsoft Graphics Component | CVE-2022-44697 | Windows 图形组件特权提升漏洞 | Important |
END
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。
还没有评论,来说两句吧...