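February 2021 Network Security Risk Advisory
To all campus network users:
The high-risk Windows TCP/IP vulnerability advisory for February 2021, compiled and verified by our center, is as follows:
1. Vulnerability Announcement
On February 9, 2021, Microsoft released its February security update announcement, which includes security patches for multiple Microsoft products. Among the issues fixed, buffer overflow vulnerabilities in the Windows TCP/IP protocol may lead to remote code execution or denial of service and have a significant impact. The corresponding CVE IDs are CVE-2021-24074, CVE-2021-24094 and CVE-2021-24086. Reference links:
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2021-24074
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2021-24094
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2021-24086
According to the announcement, the vulnerabilities are caused by flaws in Microsoft's implementation of the TCP/IP protocol (including IPv4 and IPv6) and affect all Windows versions; non-Microsoft products are not affected. A malicious attacker who successfully exploits them may achieve remote code execution or denial of service (blue screen). We recommend installing the security updates as soon as possible or applying temporary mitigations to harden systems.
2. Affected Scope
The Windows TCP/IP remote code execution and denial-of-service vulnerabilities affect the following systems, for which Microsoft has provided patches: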
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
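3. Vulnerability Description
According to analysis, CVE-2021-24074 exists in the IPv4 source routing request implementation of the TCP/IP protocol; a malicious attacker can use it to attack unpatched target systems and achieve remote code execution. CVE-2021-24094 and CVE-2021-24086 exist in the IPv6 UDP packet reassembly implementation of the TCP/IP protocol; a malicious attacker can use them to attack unpatched target systems and achieve remote code execution or denial of service (blue screen). Because TCP/IP is a foundational protocol of the Windows system, the threat posed by these vulnerabilities is significant. We recommend installing the security updates as soon as possible or applying temporary mitigations to harden systems.
MSRC's announcement on these vulnerabilities:
https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/
Quick reading guide to other vulnerabilities (not all) included in the February security bulletin list:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Feb
CVE-2021-1722|Windows Fax Service Remote Code Execution Vulnerability
CVE-2021-1726|Microsoft SharePoint Spoofing Vulnerability
CVE-2021-1728|System Center Operations Manager Elevation of Privilege Vulnerability
CVE-2021-1730|Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-1731|PFX Encryption Security Feature Bypass Vulnerability
CVE-2021-1733|Sysinternals PsExec Elevation of Privilege Vulnerability
CVE-2021-1734|Windows Remote Procedure Call Information Disclosure Vulnerability
CVE-2021-24066|Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2021-24067|Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24068|Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24069|Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24070|Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24071|Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-24076|Microsoft Windows VMSwitch Information Disclosure Vulnerability
CVE-2021-24077|Windows Fax Service Remote Code Execution Vulnerability
CVE-2021-24078|Windows DNS Server Remote Code Execution Vulnerability
CVE-2021-24079|Windows Backup Engine Information Disclosure Vulnerability
CVE-2021-24084|Windows Mobile Device Management Information Disclosure Vulnerability
CVE-2021-24085|Microsoft Exchange Server Spoofing Vulnerability
CVE-2021-24087|Azure IoT CLI Extension Elevation of Privilege Vulnerability
CVE-2021-24092|Microsoft Defender Elevation of Privilege Vulnerability
CVE-2021-24093|Windows Graphics Component Remote Code Execution Vulnerability
CVE-2021-24098|Windows Console Driver Denial of Service Vulnerability
CVE-2021-24100|Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2021-24101|Microsoft Dataverse Information Disclosure Vulnerability
CVE-2021-24105|Package Manager Configuration Remote Code Execution Vulnerability
CVE-2021-24106|Windows DirectX Information Disclosure Vulnerability
CVE-2021-24109|Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2021-24112|.NET Core Remote Code Execution Vulnerability
CVE-2021-24114|Microsoft Teams iOS Information Disclosure Vulnerability
CVE-2021-25195|Windows PKU2U Elevation of Privilege Vulnerability
CVE-2021-26700|Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
CVE-2021-26701|.NET Core Remote Code Execution Vulnerability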
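4. Mitigations
Details of the vulnerabilities have not yet been made public, but the trigger points can be identified by patch diffing and exploit code developed from there. We recommend testing and installing the security updates promptly, or applying temporary mitigations to harden systems.
Temporary mitigations (limited measures to consider when patching is not convenient):
For CVE-2021-24074, set the source routing behavior (netsh command reference):
netsh int ipv4 set global sourceroutingbehavior=drop
To restore the default setting, Dontforward (netsh command reference):
netsh int ipv4 set global sourceroutingbehavior=dontforward
Or block source routing requests at security devices;
For CVE-2021-24094 and CVE-2021-24086, disable packet reassembly (netsh command reference):
netsh int ipv6 set global reassemblylimit=0
To restore the default setting, 267748640 (netsh command reference):
netsh int ipv6 set global reassemblylimit=267748640
Or block IPv6 UDP fragments at security devices.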
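One way to check whether the two temporary mitigations above are in place on a host, and to apply or revert them, shown as an added example that is not part of the original advisory. The function names are hypothetical; reading the settings assumes the NetTCPIP cmdlets (Windows 8 / Server 2012 and later), and changes are made with the netsh commands listed above.

```powershell
# Added example, not part of the original advisory.
# Assumption: the NetTCPIP cmdlets exist (Windows 8 / Server 2012 and later).
function Get-TcpIpMitigationStatus {
    $v4 = Get-NetIPv4Protocol
    $v6 = Get-NetIPv6Protocol

    # CVE-2021-24074: mitigated when IPv4 source-routed packets are dropped.
    [pscustomobject]@{
        CVE       = 'CVE-2021-24074'
        Setting   = 'ipv4 sourceroutingbehavior'
        Current   = [string]$v4.SourceRoutingBehavior
        Mitigated = ([string]$v4.SourceRoutingBehavior -eq 'Drop')
    }
    # CVE-2021-24094 / CVE-2021-24086: mitigated when the IPv6 reassembly limit is 0.
    [pscustomobject]@{
        CVE       = 'CVE-2021-24094, CVE-2021-24086'
        Setting   = 'ipv6 reassemblylimit'
        Current   = [string]$v6.ReassemblyLimit
        Mitigated = ([uint32]$v6.ReassemblyLimit -eq 0)
    }
}

function Set-TcpIpMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Revert)   # -Revert restores the defaults listed in the advisory

    $routing = if ($Revert) { 'dontforward' } else { 'drop' }
    $limit   = if ($Revert) { '267748640' } else { '0' }
    $commands = @(
        @('int', 'ipv4', 'set', 'global', "sourceroutingbehavior=$routing"),
        @('int', 'ipv6', 'set', 'global', "reassemblylimit=$limit")
    )
    foreach ($netshArgs in $commands) {
        $text = "netsh $($netshArgs -join ' ')"
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, $text)) {
            & netsh.exe @netshArgs | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "$text failed with exit code $LASTEXITCODE" }
        }
    }
}

# Report the current state, then preview the changes on hosts that still need them.
$status = Get-TcpIpMitigationStatus
$status | Format-Table -AutoSize
if ($status.Mitigated -contains $false) {
    Set-TcpIpMitigation -WhatIf   # remove -WhatIf to apply (requires an elevated prompt)
}
```

Once the security update is installed, `Set-TcpIpMitigation -Revert` restores the default values given above.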
Network Information Technology Center
February 28, 2021