【安全通告】2021年10月“微软补丁日” 多个产品高危漏洞风险通告(CVE-2021-26427等)
摘要:
尊敬的腾讯云用户,您好!
腾讯云安全运营中心监测到, 微软发布了2021年10月的例行安全更新公告,共涉及漏洞数71个,其中严重级别漏洞2个,重要级别68个。本次发布涉及Windows操作系统, Office, Windows Exchange Server等多个软件的安全更新。
为避免您的业务受影响,腾讯云安全建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。
漏洞详情
在此次公告中以下漏洞需要重点关注:
CVE-2021-26427(Microsoft Exchange Server远程代码执行漏洞):
该漏洞CVSS评分9.0,为严重级别,根据官方说明,需在同一局域网才可以利用该漏洞,需要重点关注
CVE-2021-40449(Win32k 权限提升漏洞):
该漏洞CVSS评分7.8,为重要级别,据官方描述,已检测到漏洞攻击利用。
CVE-2021-40486(Microsoft Word 远程代码执行漏洞):
攻击者可构造恶意文档,导致执行任意代码,被官方标记为“不太可能被利用”
风险等级
高风险
影响版本
CVE-2021-26427:
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22
CVE-2021-40449:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2021-40486:
Microsoft Word 2013 Service Pack 1 (64-bit editions)
Microsoft Word 2013 Service Pack 1 (32-bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Office Web Apps Server 2013 Service Pack 1
Microsoft Word 2016 (64-bit edition)
Microsoft Word 2016 (32-bit edition)
Microsoft Office Online Server
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Enterprise Server 2016
安全版本
微软2021年10月最新补丁
修复建议
微软官方已发布漏洞修复更新,腾讯云安全建议您:
1)更新系统补丁:确保服务器打上了所需的补丁,打开Windows Update更新功能或下载修复补丁,点击“检查更新”
2)不要打开来历不明的文件或者链接:避免被攻击者利用在机器上执行恶意代码。
【备注】:建议您在升级前做好数据备份工作,避免出现意外
漏洞参考
https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct
