【安全通告】Windows Print Spooler远程代码执行漏洞风险通告(CVE-2021-1675)
摘要:
尊敬的腾讯云用户,您好!
近日,腾讯云安全运营中心监测到,安全研究人员披露Windows Print Spooler远程代码执行漏洞POC,漏洞编号为CVE-2021-1675。可导致远程代码执行或本地提权等危害。
为避免您的业务受影响,腾讯云安全建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。
漏洞详情
Windows Print Spooler是Windows的打印机后台处理程序,该服务广泛的存在于各Windows版本中。
攻击者可通过该漏洞绕过PfcAddPrinterDriver安全验证,并在打印服务器中安装恶意的驱动程序。若攻击者所控制的用户在域中,则攻击者可以连接到DC中的Spooler服务,并利用该漏洞在DC中安装恶意的驱动程序,完整的控制整个域环境,危害较为严重。
微软官方已在2021年6月发布的安全更新修复该漏洞。6月29日,相关poc被安全研究人员在github公开披露。
风险等级
高(漏洞利用细节被公开)
漏洞风险
攻击者可利用该漏洞可远程执行任意代码或进行权限提升
影响版本
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server, version 2004 (Server Core installation)
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
安全版本
微软2021年6月安全更新
修复建议
微软官方已在2021年6月发布的安全更新修复该漏洞,请及时更新相关补丁。
临时缓解措施:
若暂时无法进行补丁更新,可通过以下步骤禁用Print Spooler服务来进行临时缓解:
1. 打开服务应用(services.msc),在其中找到Print Spooler服务。
2. 停止运行服务,同时将“启动类型”修改为“禁用”。
【备注】:建议您在升级前做好数据备份工作,避免出现意外
漏洞参考
补丁及更多详情参考:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675
