更新時間:2021/10/15 05:44:22
發佈時間:2021/10/15 05:44:22
TLP:
(White)
得對外公開散布,但不得違反著作權法等相關規定
更新說明:
一、漏洞說明: [2]
Win32k驅動程式NtGdiResetDC函數存在漏洞(CVE-2021-40449),該漏洞會導致電腦記憶體中核心模組地址的洩漏。然後,攻擊者可利用此漏洞來提權,進而下載並啟動 MysterySnail,使攻擊者能夠存取受害者的系統。
二、已揭露攻擊程式碼說明[2]
Kaspersky已偵測到針對此漏洞的攻擊行為。
三、影響平台:[1]
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
四、CVSS向量: CVE-2021-40449[1]
使用版本:CVSS 3.0
分析分數:7.8
影響等級:3
參考來源 :Microsoft
五、建議措施:[1]
1.Microsoft 已於2021年10月安全性更新中發布更新,建議評估後執行。
參考連結:
1.Microsoft
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40449
2. Kaspersky
https://www.kaspersky.com/blog/mysterysnail-cve-2021-40449/42448/
建議措施:
參考資料:
影響平台:
情資編號:
FISAC-202110-0010
系統目錄:
資安漏洞
資安類別:
資安訊息情資 / 其他
影響等級:
3
關鍵字:
弱點漏洞