情資內容

一、漏洞說明[1] Microsoft Support Diagnostic Tool （MSDT） 為微軟於 Windows 中預設開啟之診斷支援工具，用來蒐集主機相關診斷資料以回傳給原廠技術人員分析問題等支援功能。攻擊者可透過釣魚郵件或釣魚網站散布特製檔案，若受害者開啟檔案，攻擊者即可利用此漏洞(CVE-2022-34713)自遠端執行任意程式。 二、已揭露攻擊程式碼說明[2] 官方已證實觀察到此漏洞遭利用。 三、影響平台[2] Windows 7 for 32-bit Systems Service Pack 1、x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems、x64-based systems Windows RT 8.1 Windows 10 for 32-bit Systems、x64-based Systems Windows 10 Version 1607 for 32-bit Systems、x64-based Systems Windows 10 Version 1809 for 32-bit Systems、ARM64-based Systems、x64-based Systems Windows 10 Version 20H2 for 32-bit Systems、ARM64-based Systems、x64-based Systems Windows 10 Version 21H1 for 32-bit Systems、ARM64-based Systems、x64-based Systems Windows 10 Version 21H2 for 32-bit Systems、ARM64-based Systems、x64-based Systems Windows 11 for ARM64-based Systems、x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) Windows Server 2022 Windows Server 2022 (Server Core installation) Windows Server, version 20H2 (Server Core Installation) 四、CVSS向量: CVE-2022-34713 [2] 使用版本：CVSS 3.1 分析分數：7.8 影響等級:3 參考來源: Microsoft 五、建議措施： 目前官方已釋出修補程式，建議評估後執行。 六、參考資訊： 1. NIST https://nvd.nist.gov/vuln/detail/CVE-2022-34713 2. Microsoft https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713 建議措施： 參考資料： 影響平台：