情資內容

一、漏洞說明[1] Windows Scripting Languages存在高風險 RCE漏洞(CVE-2022-41128)，影響多數的 Windows 版本，攻擊者成功利用此漏洞時可自遠端執行任意程式碼。 二、已揭露攻擊程式碼說明 相關資安新聞說明觀察到此漏洞遭利用於攻擊行為，並有相關 POC 程式碼。[2][3] 三、影響平台 Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 四、CVSS向量: CVE-2022- 41128 [1] 使用版本：CVSS 3.1 分析分數：8.8 參考來源: Microsoft 建議措施： 1. 官方已於2022年11月例行安全性更新中發布更新，建議依照單位內既有漏洞管理機制，評估後執行相關作業。 參考資料： 1. Microsoft https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128 2. Google TAG https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/ 3. Google Project Zero https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2022/CVE-2022-41128.html 影響平台： Microsoft Windows