【漏洞预警】微软补丁日安全通告11月份

2022-11-10 8,104


1. 通告信息



2022年11月9日,微软发布了11月安全更新,本次更新修复了包括6个0 day漏洞在内的68个安全漏洞,其中有11个漏洞评级为“严重”。
对此,安识科技建议广大用户及时升级到安全版本,并做好资产自查以及预防工作,以免遭受黑客攻击。


2. 漏洞概述



本次发布的安全更新涉及.NET Framework、Azure、Linux Kernel、Microsoft Exchange Server、Microsoft Office、Windows Hyper-V、Visual Studio、Windows ALPC、Windows Kerberos、Windows Mark of the Web (MOTW)、Windows Network Address Translation (NAT)、Windows ODBC Driver、Windows Point-to-Point Tunneling Protocol、Windows Print Spooler Components、Windows Scripting和Windows Win32K等多个产品和组件。
本次修复的68个漏洞(不包括2个OpenSSL 漏洞)中,27个为提取漏洞,16个为远程代码执行漏洞,11个为信息泄露漏洞,6个为拒绝服务漏洞,4个为安全功能绕过漏洞,以及3个欺骗漏洞。
微软本次共修复了6个被积极利用的0 day漏洞,其中CVE-2022-41091已被公开披露:
CVE-2022-41128:Windows Scripting Languages远程代码执行漏洞
该漏洞的CVSS评分为8.8,影响了JScript9 脚本语言和多个Windows 版本,利用该漏洞需与用户交互,目前已检测到漏洞利用。
CVE-2022-41091:Windows Mark of the Web 安全功能绕过漏洞
该漏洞的CVSS评分为5.4,利用该漏洞需与用户交互。可以制作恶意文件来规避Mark of the Web (MOTW)防御,从而导致 Microsoft Office 中的受保护视图等依赖 MOTW 标记的安全功能受到影响。该漏洞已经公开披露,且已检测到漏洞利用。
CVE-2022-41073:Windows Print Spooler 特权提升漏洞
该漏洞的CVSS评分为7.8,影响了Windows 后台打印程序,成功利用该漏洞的本地恶意用户可以获得SYSTEM权限,目前已经检测到漏洞利用。
CVE-2022-41125:Windows CNG Key Isolation Service 特权提升漏洞
该漏洞的CVSS评分为7.8,影响了Windows CNG 密钥隔离服务,成功利用该漏洞的本地恶意用户可以获得SYSTEM权限,目前已经检测到漏洞利用。
CVE-2022-41040:Microsoft Exchange Server 特权提升漏洞
该漏洞的CVSS评分为8.8,微软于2022年9月30日首次披露该漏洞(Microsoft Exchange ProxyNotShell漏洞),成功利用该漏洞可以提升权限,并在目标系统中运行PowerShell,但必须经过身份验证,该漏洞已经检测到漏洞利用。
CVE-2022-41082:Microsoft Exchange Server 远程代码执行漏洞
该漏洞的CVSS评分为8.8,微软于2022年9月30日首次披露该漏洞(Microsoft Exchange ProxyNotShell漏洞),经过身份验证的恶意用户可以通过网络调用在服务器帐户的上下文中触发恶意代码,导致远程代码执行,该漏洞已经检测到漏洞利用。

3. 漏洞危害



攻击者可利用漏洞在未授权的情况下,构造恶意数据执行远程代码执行攻击,最终获取服务器最高权限。

4. 影响版本



漏洞名称、CVE编号
受影响版本
Windows Web 查询标记安全功能绕过漏洞 CVE-2022-41091
 
Windows 10 Version 22H2 for x64-based Systems
 
Windows 10 Version 22H2 for 32-bit Systems
 
Windows 10 Version 22H2 for ARM64-based Systems
 
Windows 11 Version 22H2 for ARM64-based Systems
 
Windows 11 Version 22H2 for x64-based Systems
 
Windows Server 2016 (Server Core installation)
 
Windows Server 2016
 
Windows 10 Version 1607 for x64-based Systems
 
Windows 10 Version 1607 for 32-bit Systems
 
Windows 10 for x64-based Systems
 
Windows 10 for 32-bit Systems
 
Windows 10 Version 21H2 for x64-based Systems
 
Windows 10 Version 21H2 for ARM64-based Systems
 
Windows 10 Version 21H2 for 32-bit Systems
 
Windows 11 for ARM64-based Systems
 
Windows 11 for x64-based Systems
 
Windows 10 Version 20H2 for ARM64-based Systems
 
Windows 10 Version 20H2 for 32-bit Systems
 
Windows 10 Version 20H2 for x64-based Systems
 
Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
 
Windows Server 2022 (Server Core installation)
 
Windows Server 2022
 
Windows 10 Version 21H1 for 32-bit Systems
 
Windows 10 Version 21H1 for ARM64-based Systems
 
Windows 10 Version 21H1 for x64-based Systems
 
Windows Server 2019 (Server Core installation)
 
Windows Server 2019
 
Windows 10 Version 1809 for ARM64-based Systems
 
Windows 10 Version 1809 for x64-based Systems
 
Windows 10 Version 1809 for 32-bit Systems
Microsoft Exchange Server 特权提升漏洞 CVE-2022-41040
Microsoft Exchange Server 2016 Cumulative Update 23
 
Microsoft Exchange Server 2019 Cumulative Update 12
 
Microsoft Exchange Server 2019 Cumulative Update 11
 
Microsoft Exchange Server 2016 Cumulative Update 22
 
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 远程执行代码漏洞 CVE-2022-41082
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2013 Cumulative Update 23
Windows 脚本语言远程代码执行漏洞 CVE-2022-41128
Windows 10 Version 22H2 for x64-based Systems
 
Windows 11 Version 22H2 for x64-based Systems
 
Windows 11 Version 22H2 for ARM64-based Systems
 
Windows 7 for x64-based Systems Service Pack 1
 
Windows 7 for x64-based Systems Service Pack 1
 
Windows 7 for x64-based Systems Service Pack 1
 
Windows 7 for 32-bit Systems Service Pack 1
 
Windows 7 for 32-bit Systems Service Pack 1
 
Windows 7 for 32-bit Systems Service Pack 1
 
Windows Server 2016
 
Windows 10 Version 1607 for x64-based Systems
 
Windows 10 Version 1607 for 32-bit Systems
 
Windows 10 for x64-based Systems
 
Windows 10 for 32-bit Systems
 
Windows 10 Version 22H2 for 32-bit Systems
 
Windows 10 Version 22H2 for ARM64-based Systems
 
Windows Server 2012 R2
 
Windows Server 2012
 
Windows Server 2012
 
Windows Server 2012
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1
 
Windows RT 8.1
 
Windows 8.1 for x64-based systems
 
Windows 8.1 for x64-based systems
 
Windows 8.1 for x64-based systems
 
Windows 8.1 for 32-bit systems
 
Windows 8.1 for 32-bit systems
 
Windows 8.1 for 32-bit systems
 
Windows 10 Version 21H2 for x64-based Systems
 
Windows 10 Version 21H2 for ARM64-based Systems
 
Windows 10 Version 21H2 for 32-bit Systems
 
Windows 11 for ARM64-based Systems
 
Windows 11 for x64-based Systems
 
Windows 10 Version 20H2 for ARM64-based Systems
 
Windows 10 Version 20H2 for 32-bit Systems
 
Windows 10 Version 20H2 for x64-based Systems
 
Windows Server 2022
 
Windows 10 Version 21H1 for 32-bit Systems
 
Windows 10 Version 21H1 for ARM64-based Systems
 
Windows 10 Version 21H1 for x64-based Systems
 
Windows Server 2019
 
Windows 10 Version 1809 for ARM64-based Systems
 
Windows 10 Version 1809 for x64-based Systems
 
Windows 10 Version 1809 for 32-bit Systems
Windows CNG 密钥隔离服务特权提升漏洞 CVE-2022-41125
Windows Server 2012 R2
 
Windows Server 2012 R2
 
Windows Server 2012 (Server Core installation)
 
Windows Server 2012 (Server Core installation)
 
Windows Server 2012
 
Windows Server 2012
 
Windows RT 8.1
 
Windows 8.1 for x64-based systems
 
Windows 8.1 for x64-based systems
 
Windows Server 2012 R2 (Server Core installation)
 
Windows Server 2012 R2 (Server Core installation)
 
Windows 8.1 for 32-bit systems
 
Windows 8.1 for 32-bit systems
 
Windows Server 2016 (Server Core installation)
 
Windows Server 2016
 
Windows 10 Version 1607 for x64-based Systems
 
Windows 10 Version 1607 for 32-bit Systems
 
Windows 10 for x64-based Systems
 
Windows 10 for 32-bit Systems
 
Windows 10 Version 22H2 for 32-bit Systems
 
Windows 10 Version 22H2 for ARM64-based Systems
 
Windows Server 2019 (Server Core installation)
 
Windows Server 2019
 
Windows 10 Version 1809 for ARM64-based Systems
 
Windows 10 Version 1809 for x64-based Systems
 
Windows 10 Version 1809 for 32-bit Systems
 
Windows 10 Version 22H2 for x64-based Systems
 
Windows 11 Version 22H2 for x64-based Systems
 
Windows 11 Version 22H2 for ARM64-based Systems
 
Windows 10 Version 21H2 for x64-based Systems
 
Windows 10 Version 21H2 for ARM64-based Systems
 
Windows 10 Version 21H2 for 32-bit Systems
 
Windows 11 for ARM64-based Systems
 
Windows 11 for x64-based Systems
 
Windows 10 Version 20H2 for ARM64-based Systems
 
Windows 10 Version 20H2 for 32-bit Systems
 
Windows 10 Version 20H2 for x64-based Systems
 
Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
 
Windows Server 2022 (Server Core installation)
 
Windows Server 2022
 
Windows 10 Version 21H1 for 32-bit Systems
 
Windows 10 Version 21H1 for ARM64-based Systems
 
Windows 10 Version 21H1 for x64-based Systems
Windows 打印后台处理程序特权提升漏洞 CVE-2022-41073
Windows Server 2008 R2 for x64-based Systems Service Pack 1
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1
 
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
 
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
 
Windows Server 2008 for x64-based Systems Service Pack 2
 
Windows Server 2008 for x64-based Systems Service Pack 2
 
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
 
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
 
Windows Server 2008 for 32-bit Systems Service Pack 2
 
Windows Server 2008 for 32-bit Systems Service Pack 2
 
Windows RT 8.1
 
Windows 10 Version 21H2 for ARM64-based Systems
 
Windows 10 Version 21H2 for 32-bit Systems
 
Windows 11 for ARM64-based Systems
 
Windows 11 for x64-based Systems
 
Windows 10 Version 21H1 for x64-based Systems
 
Windows Server 2019 (Server Core installation)
 
Windows Server 2019
 
Windows 10 Version 1809 for ARM64-based Systems
 
Windows 10 Version 1809 for x64-based Systems
 
Windows 8.1 for x64-based systems
 
Windows 8.1 for x64-based systems
 
Windows 8.1 for 32-bit systems
 
Windows 8.1 for 32-bit systems
 
Windows 7 for x64-based Systems Service Pack 1
 
Windows 7 for x64-based Systems Service Pack 1
 
Windows 7 for 32-bit Systems Service Pack 1
 
Windows 7 for 32-bit Systems Service Pack 1
 
Windows Server 2016 (Server Core installation)
 
Windows Server 2016
 
Windows 10 Version 1607 for x64-based Systems
 
Windows 10 Version 1607 for 32-bit Systems
 
Windows 10 for x64-based Systems
 
Windows 10 for 32-bit Systems
 
Windows 10 Version 22H2 for 32-bit Systems
 
Windows 10 Version 22H2 for ARM64-based Systems
 
Windows 10 Version 22H2 for x64-based Systems
 
Windows 11 Version 22H2 for x64-based Systems
 
Windows 11 Version 22H2 for ARM64-based Systems
 
Windows 10 Version 21H2 for x64-based Systems
 
Windows 10 Version 20H2 for ARM64-based Systems
 
Windows 10 Version 20H2 for 32-bit Systems
 
Windows 10 Version 20H2 for x64-based Systems
 
Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
 
Windows Server 2022 (Server Core installation)
 
Windows Server 2022
 
Windows 10 Version 21H1 for 32-bit Systems
 
Windows 10 Version 21H1 for ARM64-based Systems
 
Windows 10 Version 1809 for 32-bit Systems
 
Windows Server 2012 R2 (Server Core installation)
 
Windows Server 2012 R2 (Server Core installation)
 
Windows Server 2012 R2
 
Windows Server 2012 R2
 
Windows Server 2012 (Server Core installation)
 
Windows Server 2012 (Server Core installation)
 
Windows Server 2012
 
Windows Server 2012
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)


5. 解决方案



微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-41091
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-41040
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-41082
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-41128
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-41125
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2022-41073

6. 时间轴



-202211月09日 微软例行补丁日,微软官网发布漏洞安全公告。
-2022年11月09日 安识科技A-Team团队根据漏洞信息分析
-2022年11月10日 安识科技A-Team团队发布安全通告

本文作者:安识科技

本文为安全脉搏专栏作者发布,转载请注明:https://www.secpulse.com/archives/190852.html

Tags:
评论  (0)
快来写下你的想法吧!

安识科技

文章数:190 积分: 135

安识科技:专业的企业安全解决方案提供商。官网:https://www.duoyinsu.com/

安全问答社区

安全问答社区

脉搏官方公众号

脉搏公众号