芒竹云公告 > 公告详情

【安全通告】2022年9月“微软补丁日” 多个产品高危漏洞风险通告

发布时间:2022-09-18 23:24:00
尊敬的芒竹云用户,您好!

芒竹云安全运营中心监测到, 微软发布了2022年9月的例行安全更新公告,共涉及漏洞数64个,严重级别漏洞5个。本次发布涉及 Microsoft Windows、Windows Components、Azure、 .NET 及 Visual Studio 等多个软件的安全更新。

为避免您的业务受影响,芒竹云安全建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。

漏洞详情

本次公告中以下漏洞需要重点关注:

1. Windows TCP/IP 远程代码执行漏洞(CVE-2022-34718):
漏洞 CVSS 得分为 9.8 分,该漏洞可允许未经身份验证的攻击者,通过将特制的 IPv6 数据包发送到启用了 IPSec 的 Windows 节点,从而远程执行任意代码。据官方描述,该漏洞只有在系统启用了 IPv6 并配置了 IPSec 后才受到影响。

2. Windows Internet 密钥交换 (IKE) 协议扩展远程代码执行漏洞(CVE-2022-34721、CVE-2022-34722):
漏洞 CVSS 得分为 9.8 分。当Windows启用了IPSec时,未经身份验证的攻击者,可通过构造特制的 IP 数据包远程执行任意代码。
此漏洞仅影响 IKEv1,IKEv2 不受影响。 但是,由于所有 Windows 服务器可同时接受 V1 和 V2 数据包,因此均会受到影响。

3. Windows 通用日志文件系统驱动程序权限提升漏洞(CVE-2022-37969):
该漏洞CVSS 得分为 7.8 分,已发现在野利用。该漏洞由于 Windows 的 Common Log File System (CLFS) 程序存在缺陷导致,本地低权限用户可以利用该漏洞执行任意代码从而提升权限。

风险等级
高风险

漏洞风险
攻击者利用该漏洞可导致远程代码执行等危害

影响版本
CVE-2022-34718:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-34721/CVE-2022-34722:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

CVE-2022-37969:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

安全版本
微软2022年9月安全补丁,请参考官方链接进行修复

修复建议
官方已发布漏洞补丁及修复版本,请评估业务是否受影响后,酌情升级至安全版本

【备注】:建议您在升级前做好数据备份工作,避免出现意外

漏洞参考

https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34718
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34721
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34722
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37969


/template/Home/qcloud/PC/Static