[Security Advisory] June 2022 Microsoft "Patch Tuesday": High-Risk Vulnerabilities in Multiple Products

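Published: 2022-06-18 19:10:23
Dear Mangzhu Cloud (芒竹云) user,
The Mangzhu Cloud Security Operations Center has observed that Microsoft released its regular security update announcement for June 2022, covering 55 vulnerabilities in total, 3 of them rated Critical. The release includes security updates for Windows Components, Visual Studio, Microsoft Office, Microsoft Edge, Windows Hyper-V Server, Windows App Store, Azure OMI, SharePoint Server, Windows Defender, Windows Lightweight Directory Access Protocol (LDAP), Windows PowerShell and other software.
To keep your business from being affected, Mangzhu Cloud Security recommends that you run a security self-check promptly and, if you are within the affected scope, apply the updates without delay to avoid compromise by external attackers.
Vulnerability Details
The following vulnerabilities in this release deserve particular attention from Microsoft users: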

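CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability):
The vulnerability arises when a calling application such as Word invokes the Microsoft Support Diagnostic Tool (MSDT) through the URL protocol. An attacker can execute malicious code via the ms-msdt MSProtocol URI. It is also known as the "Follina" vulnerability. Exploit tools and technical details for this vulnerability are already public, so the risk is high. Microsoft has now released an official patch for it.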
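
A detection sketch for the MSDT invocation path described above, added here as an example and not part of the original advisory: it flags process-creation records where msdt.exe is started by an Office application, or where a command line carries the ms-msdt: scheme. The JSON field names, the list of Office process names and the sample records are constructed assumptions.

```python
import json
import ntpath

# Assumption: Office applications that can act as the "calling application".
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed process-creation records (one JSON object per line).
# The field names are hypothetical; map them to your EDR or Sysmon export.
SAMPLE_EVENTS = r"""
{"host": "ws-01", "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "image": "C:\\Windows\\System32\\msdt.exe", "cmdline": "msdt.exe ms-msdt:<constructed-arguments>"}
{"host": "ws-02", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\msdt.exe", "cmdline": "msdt.exe <constructed-arguments>"}
{"host": "ws-03", "parent": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\MSDT.EXE", "cmdline": "MSDT.EXE MS-MSDT:<constructed-arguments>"}
{"host": "ws-04", "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "image": "C:\\Windows\\System32\\splwow64.exe", "cmdline": "splwow64.exe 8192"}
"""


def exe_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return the reasons an event matches the MSDT heuristics (empty if none)."""
    reasons = []
    # Heuristic 1: an Office application is the direct parent of msdt.exe.
    if exe_name(event["image"]) == "msdt.exe" and exe_name(event["parent"]) in OFFICE_PARENTS:
        reasons.append("office-parent")
    # Heuristic 2: the ms-msdt: URI scheme appears on the command line.
    if "ms-msdt:" in event["cmdline"].lower():
        reasons.append("ms-msdt-uri")
    return reasons


def scan(text):
    """Map host name to match reasons for every flagged record in the text."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        reasons = classify(event)
        if reasons:
            findings[event["host"]] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_EVENTS).items():
        print(host, ",".join(reasons))
```
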

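CVE-2022-30136 (Windows Network File System remote code execution vulnerability):
The vulnerability has a CVSS score of 9.8 and could allow a remote attacker to execute arbitrary code on an affected system running NFS. Microsoft has marked it as very likely to be exploited. It is not exploitable in NFSV2.0 or NFSV3.0, and it can be temporarily mitigated by disabling NFSV4.1.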

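Risk Level
High
Vulnerability Risk
An attacker who exploits the vulnerability can cause harm such as remote code execution
Affected Versions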
CVE-2022-30190:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-30136:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2019 (Server Core installation)
Windows Server 2019
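Fixed Version
Microsoft's latest patches for June 2022
Remediation
Microsoft has released patches and fixed versions for the vulnerabilities. Assess whether your business is affected, then upgrade to the fixed version as appropriate.
[Note]: Back up your data before upgrading to avoid unexpected problems.
References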

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30136
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun