更新時間:2023/04/20 17:51:55
發佈時間:2023/04/20 17:51:55
TLP:
(White)
得對外公開散布,但不得違反著作權法等相關規定
更新說明:
一、漏洞說明[1]
Microsoft 通用紀錄檔系統驅動程式(CLFS)存在高風險提權漏洞,並影響多數 Windows 版本,已有一般系統使用權限的攻擊者成功利用時可取得管理權限。
二、已揭露攻擊行為說明
1.相關資安新聞[1]說明觀察到此漏洞已遭駭客利用,官方亦已證實[2]。
2.CISA 將此漏洞列入已遭利用清單[3],須優先修補。
▶ 參考資訊
⌵
| 網址 | 說明 |
|---|---|
| https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/ | [1]漏洞利用相關資訊 |
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252 | [2]Microsoft 官方公告 |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog | [3]CISA 公告 |
▶ 影響平台
⌵
影響平台-系統:
Windows 10 for 32-bit Systems、x64-based Systems
Windows 10 Version 1607 for 32-bit Systems、x64-based Systems
Windows 10 Version 1809 for 32-bit Systems、ARM64-based Systems、x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems、ARM64-based Systems、x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems、ARM64-based Systems、x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems、ARM64-based Systems、x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems、x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems、x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (含Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (含Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (含Server Core installation)
Windows Server 2012 (含Server Core installation)
Windows Server 2012 R2 (含Server Core installation)
Windows Server 2016 (含Server Core installation)
Windows Server 2019 (含Server Core installation)
Windows Server 2022 (含Server Core installation)
▶ 建議措施
⌵
1. Microsoft 已於2023年4月份例行安全性更新中發布更新,建議會員依照單位內既有漏洞管理機制,評估後執行相關作業。[2]
▶ 漏洞資訊
⌵
名稱:
CVE-2023-28252
描述:
使用版本:CVSS 3.1
分析分數:7.8
參考來源::Microsoft
情資編號:
FISAC-200-202304-0001
系統目錄:
資安漏洞
資安類別:
漏洞公告 /
影響等級:
3
關鍵字:
弱點漏洞