1、漏洞背景描述
2021年6月,微软在6月的安全更新中通报并修复了一个Windows Print Spooler远程代码执行漏洞(CVE-2021-1675),并且该漏洞POC已经在github公开。
2、漏洞概述
Windows Print Spooler是Windows的打印机后台处理程序,广泛的应用于各种内网中。攻击者可以通过该漏洞绕过PfcAddPrinterDriver的安全验证,并在打印服务器中安装恶意驱动程序。若攻击者所控制的用户在域中,则攻击者可能连接到DC中的Spooler服务,并利用该漏洞在DC中安装恶意驱动程序,从而可能控制整个域环境。
3、漏洞风险
成功利用该漏洞的攻击者可以完整的控制域环境,攻击可能造成严重后果。
4、漏洞影响
➢ Windows 10 Version 1809 for 32-bit Systems
➢ Windows Server 2012 R2 (Server Core installation)
➢ Windows Server 2012 R2
➢ Windows Server 2012 (Server Core installation)
➢ Windows Server 2012
➢ Windows Server 2008 R2 for x64-based Systems Service Pack1 (Server Core installation)
➢ Windows Server 2008 R2 for x64-based Systems Service Pack1
➢ Windows Server 2008 for x64-based Systems Service Pack2 (Server Core installation)
➢ Windows Server 2008 for x64-based Systems Service Pack2
➢ Windows Server 2008 for 32-bit Systems Service Pack 2(Server Core installation)
➢ Windows Server 2008 for 32-bit Systems Service Pack 2
➢ Windows RT 8.1
➢ Windows 8.1 for x64-based systems
➢ Windows 8.1 for 32-bit systems
➢ Windows 7 for x64-based Systems Service Pack 1
➢ Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation)
➢ Windows Server 2016
➢ Windows 10 Version 1607 for x64-based Systems
➢ Windows 10 Version 1607 for 32-bit Systems
➢ Windows 10 for x64-based Systems
➢ Windows 10 for 32-bit Systems
➢ Windows Server, version 20H2 (Server Core Installation)
➢ Windows 10 Version 20H2 for ARM64-based Systems
➢ Windows 10 Version 20H2 for 32-bit Systems
➢ Windows 10 Version 20H2 for x64-based Systems
➢ Windows Server, version 2004 (Server Core installation)
➢ Windows 10 Version 2004 for x64-based Systems
➢ Windows 10 Version 2004 for ARM64-based Systems
➢ Windows 10 Version 2004 for 32-bit Systems
➢ Windows 10 Version 21H1 for 32-bit Systems
➢ Windows 10 Version 21H1 for ARM64-based Systems
➢ Windows 10 Version 21H1 for x64-based Systems
➢ Windows 10 Version 1909 for ARM64-based Systems
➢ Windows 10 Version 1909 for x64-based Systems
➢ Windows 10 Version 1909 for 32-bit Systems
➢ Windows Server 2019 (Server Core installation)
➢ Windows Server 2019
➢ Windows 10 Version 1809 for ARM64-based Systems
➢ Windows 10 Version 1809 for x64-based System
5、修复建议
微软官方已针对支持的windows系统发布了修复补丁,建议受影响用户及时安装更新,地址:
https://msrc.microsoft.com/update-guide/vulnerability/C VE-2021-1675