
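[Security Advisory] July 2022 Microsoft Patch Tuesday: High-Risk Vulnerabilities in Multiple Products

Published: 2022-07-14 01:47:24
Dear 芒竹云 users,
The 芒竹云 Security Operations Center has observed that Microsoft released its routine security update announcement for July 2022, covering 84 vulnerabilities in total, 4 of them rated Critical. The release includes security updates for Microsoft Windows, Windows Components, Microsoft Defender for Endpoint, Office and Office Components, Windows BitLocker, Windows Hyper-V and other software.
To keep your business from being affected, 芒竹云 Security recommends that you run a security self-check promptly. If you are within the affected scope, apply the updates promptly to avoid intrusion by external attackers.
Vulnerability Details
The following vulnerabilities are flagged as the more serious ones:
CVE-2022-22047 (Windows CSRSS Elevation of Privilege Vulnerability):
This vulnerability has a CVSS score of 7.8. According to the vendor, it has been exploited in the wild.
An attacker who successfully exploits this vulnerability can gain SYSTEM privileges.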

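CVE-2022-30221 (Windows Graphics Component Remote Code Execution Vulnerability):
This vulnerability has a CVSS score of 8.8. Exploitability assessment: exploitation less likely.
An attacker must induce the target user to connect to a malicious RDP server. Once connected, the malicious server can execute code on the victim's system.
Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1 is affected by this vulnerability only if RDP 8.0 or RDP 8.1 is installed. If these versions of RDP are not installed on Windows 7 SP1 or Windows Server 2008 R2 SP1, the system is not affected by this vulnerability.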

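CVE-2022-22029 (Windows Network File System Remote Code Execution Vulnerability):
This vulnerability has a CVSS score of 8.1. Exploitability assessment: exploitation less likely.
This vulnerability can be exploited remotely: an unauthenticated, specially crafted call to the Network File System (NFS) service can trigger remote code execution (RCE).
To exploit this vulnerability successfully, an attacker needs to spend time repeating exploitation attempts by sending constant or intermittent data.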

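CVE-2022-22038 (Remote Procedure Call Runtime Remote Code Execution Vulnerability):
This vulnerability has a CVSS score of 8.1. Exploitability assessment: exploitation less likely.
To exploit this vulnerability successfully, an attacker needs to spend time repeating exploitation attempts by sending constant or intermittent data.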

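CVE-2022-22039 (Windows Network File System Remote Code Execution Vulnerability):
This vulnerability has a CVSS score of 7.5. Exploitability assessment: exploitation less likely.
Successful exploitation of this vulnerability requires winning a race condition.
This vulnerability can be exploited remotely: an unauthenticated, specially crafted call to the Network File System (NFS) service can trigger remote code execution (RCE).
Risk Level
High
Vulnerability Risk
Exploiting these vulnerabilities can lead to remote code execution and other harm.
Affected Versions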
CVE-2022-22047:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-30221:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Remote Desktop client for Windows Desktop
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-22029:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019

CVE-2022-22038:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-22039:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
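Fixed Versions
Microsoft's latest patches for July 2022; alternatively, follow the official links to remediate.
Remediation Advice
The vendor has released patches and fixed versions for these vulnerabilities. After assessing whether your business is affected, upgrade to a fixed version as appropriate.
[Note]: Back up your data before upgrading to avoid unexpected problems.
References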
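
A self-check of the kind recommended above, as an added example that is not part of the original advisory or of Microsoft's guidance: it reports the OS version, the most recent update recorded on the host, and whether the Server for NFS role (the service named for CVE-2022-22029 and CVE-2022-22039) is installed. It assumes the July 2022 updates were published on 2022-07-12; the output property names are illustrative.

```powershell
# Added example: patch-triage helper for one Windows host (run locally).
# Assumption: the July 2022 security updates were released on 2022-07-12.
$releaseDate = [datetime]'2022-07-12'

# OS name and build, to compare against the "Affected Versions" lists.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Most recent update known to Get-HotFix. InstalledOn is empty on some
# entries, so those are skipped before sorting.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 1

# The two NFS issues are reached through the NFS service, so record whether
# the Server for NFS role is present. Get-WindowsFeature exists only on
# Windows Server; on client editions the value stays $null.
$nfsInstalled = $null
if (Get-Command -Name Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $nfsInstalled = (Get-WindowsFeature -Name FS-NFS-Service).Installed
}

# One object per host, suitable for Export-Csv when collected fleet-wide.
[pscustomobject]@{
    ComputerName           = $env:COMPUTERNAME
    OS                     = $os.Caption
    Build                  = $os.Version
    LatestHotFix           = $latest.HotFixID
    LatestHotFixDate       = $latest.InstalledOn
    UpdateSinceRelease     = [bool]($latest -and $latest.InstalledOn -ge $releaseDate)
    NfsServerRoleInstalled = $nfsInstalled
}
```

UpdateSinceRelease is only a triage hint: an update installed after the release date is not necessarily the July 2022 security update, so confirm the specific update for each CVE through the MSRC pages listed under References.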

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039


July 14, 2022

