Security Alert

Alert Notice on the Windows Print Spooler Remote Code Execution Vulnerability

Date: 2021-06-30



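1. Background

In June 2021, Microsoft disclosed and fixed a Windows Print Spooler remote code execution vulnerability (CVE-2021-1675) in its June security updates, and a PoC for the vulnerability has already been made public on GitHub.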

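2. Vulnerability Overview

Windows Print Spooler is the Windows print spooling service and is widely used in all kinds of internal networks. An attacker can use this vulnerability to bypass the security validation in RpcAddPrinterDriver and install a malicious driver on the print server. If the user account controlled by the attacker is in a domain, the attacker may be able to connect to the Spooler service on the domain controller (DC) and use the vulnerability to install a malicious driver on the DC, potentially taking control of the entire domain environment.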

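3. Risk

An attacker who successfully exploits this vulnerability can take full control of the domain environment, and an attack may have serious consequences.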

4. Affected Versions

➢ Windows 10 Version 1809 for 32-bit Systems

➢ Windows Server 2012 R2 (Server Core installation)

➢ Windows Server 2012 R2

➢ Windows Server 2012 (Server Core installation)

➢ Windows Server 2012

➢ Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

➢ Windows Server 2008 R2 for x64-based Systems Service Pack 1

➢ Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

➢ Windows Server 2008 for x64-based Systems Service Pack 2

➢ Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

➢ Windows Server 2008 for 32-bit Systems Service Pack 2

➢ Windows RT 8.1

➢ Windows 8.1 for x64-based systems

➢ Windows 8.1 for 32-bit systems

➢ Windows 7 for x64-based Systems Service Pack 1

➢ Windows 7 for 32-bit Systems Service Pack 1

➢ Windows Server 2016 (Server Core installation)

➢ Windows Server 2016

➢ Windows 10 Version 1607 for x64-based Systems

➢ Windows 10 Version 1607 for 32-bit Systems

➢ Windows 10 for x64-based Systems

➢ Windows 10 for 32-bit Systems

➢ Windows Server, version 20H2 (Server Core Installation)

➢ Windows 10 Version 20H2 for ARM64-based Systems

➢ Windows 10 Version 20H2 for 32-bit Systems

➢ Windows 10 Version 20H2 for x64-based Systems

➢ Windows Server, version 2004 (Server Core installation)

➢ Windows 10 Version 2004 for x64-based Systems

➢ Windows 10 Version 2004 for ARM64-based Systems

➢ Windows 10 Version 2004 for 32-bit Systems

➢ Windows 10 Version 21H1 for 32-bit Systems

➢ Windows 10 Version 21H1 for ARM64-based Systems

➢ Windows 10 Version 21H1 for x64-based Systems

➢ Windows 10 Version 1909 for ARM64-based Systems

➢ Windows 10 Version 1909 for x64-based Systems

➢ Windows 10 Version 1909 for 32-bit Systems

➢ Windows Server 2019 (Server Core installation)

➢ Windows Server 2019

➢ Windows 10 Version 1809 for ARM64-based Systems

➢ Windows 10 Version 1809 for x64-based Systems

5. Remediation

Microsoft has released patches for supported Windows systems. Affected users are advised to install the update promptly. Address:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675