更新時間:2021/09/16 01:58:37
發佈時間:2021/09/16 01:58:37
TLP:
(White)
得對外公開散布,但不得違反著作權法等相關規定
更新說明:
1、漏洞說明[1]
Microsoft調查有關 MSHTML 中影響 Microsoft Windows 的遠端執行程式碼漏洞的報告。Microsoft 瞭解到有針對性的攻擊試圖透過使用專門製作的 Microsoft Office 文件來利用此漏洞。
攻擊者可以製作惡意 ActiveX 控制項,供託管流覽器轉譯引擎的 Microsoft Office 文件使用。然後,攻擊者必須說服使用者開啟惡意文件。系統上帳戶使用者權限較低的使用者,其受影響的程度比擁有系統管理權限的使用者要小。
Microsoft Defender 防毒軟體和 Microsoft Defender for Endpoint 均會提供對已知漏洞的偵測和保護。客戶應及時更新反惡意軟體產品。使用自動更新的客戶無需採取額外措施。管理更新的企業客戶應選取偵測版本 1.349.22.0 或更新版本,並在其環境中部署它。Microsoft Defender for Endpoint 警示將顯示為:「可疑的 Cpl 檔案執行」。
Microsoft先前曾發布緩解措施,但有資安專家認為無法解決此漏洞[2]
Microsoft另於 2021年9月14日發行安全性更新,可解決這個弱點,建議執行安全性更新以徹底解決此漏洞。
2.已揭露攻擊程式碼說明[1]
Microsoft公告此漏洞已遭利用。
3.影響平台:[1]
請參考Microsoft公告之42項系統
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
4.CVSS向量:
CVE-2021-40444[1]
分析分數:8.8
影響等級:3
參考來源 :Microsoft
5.建議措施: [1]
請於評估完成後,於Microsoft官網下載更新程式並執行修正。
參考連結:
1.Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
2.iThome
https://www.ithome.com.tw/news/146650
建議措施:
參考資料:
影響平台:
情資編號:
FISAC-202109-0015
系統目錄:
資安漏洞
資安類別:
資安訊息情資 / 其他
影響等級:
3
關鍵字:
弱點漏洞