99久久国产综合精品国_亚洲av日韩aⅴ电影_午夜福利在线电影_亚洲aⅤ色欲久久一区二区三区_91九色蝌蚪国产精品_亚洲av无码乱码在线观看四虎_4国产精品无码制服丝袜_亚洲Av成人五月天在线观看_牛牛成人永久免费视频_午夜福利在线资源


【漏洞通告】Windows Print Spooler 遠(yuǎn)程代碼執(zhí)行漏洞安全風(fēng)險(xiǎn)通告(CVE-2021-1675)

Windows Print Spooler 遠(yuǎn)程代碼執(zhí)行漏洞安全風(fēng)險(xiǎn)通告

發(fā)布日期:2021-6-30

?

漏洞描述

Windows Print Spooler是Windows的打印機(jī)后臺(tái)處理程序,廣泛的應(yīng)用于各種內(nèi)網(wǎng)中。微軟在2021年6月的安全更新中修復(fù)了一處 Windows Print Spooler 遠(yuǎn)程代碼執(zhí)行漏洞(CVE-2021-1675)。

該漏洞源于Windows Print Spooler未能正確地實(shí)施安全限制,攻擊者可繞過RpcAddPrinterDriver的安全檢查,在打印機(jī)服務(wù)器上安裝惡意驅(qū)動(dòng)程序。域用戶可連接到域控制器中的Spooler服務(wù)在域控制器中安裝惡意驅(qū)動(dòng),從而完全控制整個(gè)域。該漏洞可用于實(shí)現(xiàn)本地特權(quán)提升和遠(yuǎn)程代碼執(zhí)行(遠(yuǎn)程代碼執(zhí)行需要Spooler服務(wù)上經(jīng)過認(rèn)證的用戶)。

漏洞編號(hào)

CVE-2021-1675

漏洞危害

攻擊者可繞過RpcAddPrinterDriver的安全檢查,在打印機(jī)服務(wù)器上安裝惡意驅(qū)動(dòng)程序。域用戶可連接到域控制器中的Spooler服務(wù)在域控制器中安裝惡意驅(qū)動(dòng),從而完全控制整個(gè)域。

漏洞等級(jí)

高危
受影響版本

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server, version 2004 (Server Core installation)

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

復(fù)方案

微軟已發(fā)布補(bǔ)丁修復(fù)漏洞,用戶請(qǐng)盡快下載安裝更新:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675

參考鏈接

1、https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675

上一篇
下一篇

聯(lián)系我們:cert@chaosec.com