近日,发现微软多个安全漏洞,包括Microsoft Defender 代码注入漏洞(CNNVD-202112-1162、CVE-2021-43882)、Microsoft Office 代码注入漏洞(CNNVD-202112-1233、CVE-2021-43905)等67个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍
2021年12月15日,微软发布了2021年12月份安全更新,共67个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Office、Microsoft PowerShell、Chromium-based Edgebrowser、Windows Kernel、PrintSpooler、Remote Desktop Client、WindowsEncrypting File System (EFS)等组件。CNNVD对其危害等级进行了评价,其中超危漏洞3个、高危漏洞41个,中危漏洞23个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括67个漏洞的补丁程序,其中超危漏洞3个、高危漏洞41个,中危漏洞23个。
序号 | 漏洞名称 | CNNVD 编号 | CVE 编号 | 危害 等级 | 官方链接 |
1 | Microsoft Defender代码注入 | CNNVD-202112-1162 | CVE-2021-43882 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43882 |
2 | Microsoft Devices代码注入 | CNNVD-202112-1185 | CVE-2021-43899 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899 |
3 | Microsoft Office 代码注入 | CNNVD-202112-1233 | CVE-2021-43905 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905 |
4 | Microsoft SharePoint输入验证错误 | CNNVD-202112-1066 | CVE-2021-42309 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42309 |
5 | Microsoft Office和Microsoft Excel 代码注入 | CNNVD-202112-1069 | CVE-2021-43256 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43256 |
6 | Microsoft SharePoint 输入验证错误 | CNNVD-202112-1070 | CVE-2021-42294 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42294 |
7 | Microsoft Office 代码注入 | CNNVD-202112-1073 | CVE-2021-43875 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43875 |
8 | Microsoft Windows权限许可和访问控制问题 | CNNVD-202112-1130 | CVE-2021-43893 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43893 |
9 | Microsoft Windows Installer权限许可和访问控制问题 | CNNVD-202112-1133 | CVE-2021-43883 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883 |
10 | Microsoft Windows Codecs Library权限许可和访问控制问题 | CNNVD-202112-1135 | CVE-2021-43248 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43248 |
11 | Microsoft Windows TCP/IP component权限许可和访问控制问题 | CNNVD-202112-1136 | CVE-2021-43247 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43247 |
12 | Microsoft Windows权限许可和访问控制问题 | CNNVD-202112-1141 | CVE-2021-43245 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43245 |
13 | Microsoft Windows NTFS权限许可和访问控制问题 | CNNVD-202112-1143 | CVE-2021-43240 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43240 |
14 | Microsoft Windows Update Medic权限许可和访问控制问题 | CNNVD-202112-1144 | CVE-2021-43239 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43239 |
15 | Microsoft Message Queuing信息泄露 | CNNVD-202112-1145 | CVE-2021-43236 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43236 |
16 | Microsoft Windows Fax services代码注入 | CNNVD-202112-1147 | CVE-2021-43234 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43234 |
17 | Microsoft Windows Remote Access Connection Manager权限许可和访问控制问题 | CNNVD-202112-1148 | CVE-2021-43238 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43238 |
18 | Microsoft Windows Update Medic权限许可和访问控制问题 | CNNVD-202112-1149 | CVE-2021-43237 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43237 |
19 | Microsoft Remote Desktop Client代码注入 | CNNVD-202112-1150 | CVE-2021-43233 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43233 |
20 | Microsoft Windows Event Tracing代码注入 | CNNVD-202112-1151 | CVE-2021-43232 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43232 |
21 | Microsoft Windows NTFS权限许可和访问控制问题 | CNNVD-202112-1152 | CVE-2021-43231 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43231 |
22 | Microsoft Windows NTFS权限许可和访问控制问题 | CNNVD-202112-1155 | CVE-2021-43229 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43229 |
23 | Microsoft Windows NTFS权限许可和访问控制问题 | CNNVD-202112-1156 | CVE-2021-43230 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43230 |
24 | Microsoft Windows Codecs Library代码注入 | CNNVD-202112-1158 | CVE-2021-40453 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40453 |
25 | Microsoft Windows Codecs Library代码注入 | CNNVD-202112-1159 | CVE-2021-40452 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40452 |
26 | Microsoft Defender 信息泄露 | CNNVD-202112-1160 | CVE-2021-43888 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43888 |
27 | Microsoft Defender 代码注入 | CNNVD-202112-1161 | CVE-2021-42310 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42310 |
28 | Microsoft Defender 代码注入 | CNNVD-202112-1163 | CVE-2021-41365 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41365 |
29 | Microsoft Defender 代码注入 | CNNVD-202112-1164 | CVE-2021-42311 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42311 |
30 | Microsoft Defender 权限许可和访问控制问题 | CNNVD-202112-1165 | CVE-2021-42312 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42312 |
31 | Microsoft Defender 代码注入 | CNNVD-202112-1167 | CVE-2021-42313 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42313 |
32 | Microsoft Defender 代码注入 | CNNVD-202112-1168 | CVE-2021-42314 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42314 |
33 | Microsoft Defender 代码注入 | CNNVD-202112-1169 | CVE-2021-42315 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42315 |
34 | Microsoft Windows Codecs Library代码注入 | CNNVD-202112-1170 | CVE-2021-43214 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43214 |
35 | Microsoft Internet Information Services缓冲区错误 | CNNVD-202112-1171 | CVE-2021-43215 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215 |
36 | Microsoft Defender 代码注入 | CNNVD-202112-1172 | CVE-2021-43889 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43889 |
37 | Microsoft Windows缓冲区错误 | CNNVD-202112-1174 | CVE-2021-43217 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217 |
38 | Microsoft Visual Studio 代码注入 | CNNVD-202112-1177 | CVE-2021-43907 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43907 |
39 | Microsoft Azure 代码注入 | CNNVD-202112-1180 | CVE-2021-43225 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43225 |
40 | Microsoft Visual Studio 权限许可和访问控制问题 | CNNVD-202112-1181 | CVE-2021-43877 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43877 |
41 | Microsoft Windows Codecs Library代码注入 | CNNVD-202112-1183 | CVE-2021-41360 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41360 |
42 | Microsoft Visual Studio和Visual Studio Code 代码注入 | CNNVD-202112-1215 | CVE-2021-43891 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43891 |
43 | BizTalk ESB Toolkit 安全 | CNNVD-202112-1253 | CVE-2021-43892 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43892 |
44 | Microsoft Apps 安全 | CNNVD-202112-1261 | CVE-2021-43890 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890 |
45 | Microsoft Office安全 | CNNVD-202112-1064 | CVE-2021-43242 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43242 |
46 | Microsoft SharePoint安全 | CNNVD-202112-1067 | CVE-2021-42320 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42320 |
47 | Microsoft Office 安全 | CNNVD-202112-1068 | CVE-2021-43255 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43255 |
48 | Microsoft Office 信息泄露 | CNNVD-202112-1071 | CVE-2021-42295 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42295 |
49 | Microsoft Office 权限许可和访问控制问题 | CNNVD-202112-1072 | CVE-2021-42293 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42293 |
50 | Microsoft Windows Mobile Device Management权限许可和访问控制问题 | CNNVD-202112-1134 | CVE-2021-43880 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43880 |
51 | Microsoft Hyper-V 输入验证错误 | CNNVD-202112-1137 | CVE-2021-43246 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43246 |
52 | Microsoft Windows Kernel信息泄露 | CNNVD-202112-1142 | CVE-2021-43244 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43244 |
53 | Microsoft Windows Storage Spaces Controller信息泄露 | CNNVD-202112-1146 | CVE-2021-43235 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43235 |
54 | Microsoft Windows SymCrypt输入验证错误 | CNNVD-202112-1153 | CVE-2021-43228 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43228 |
55 | Microsoft Windows Media权限许可和访问控制问题 | CNNVD-202112-1154 | CVE-2021-40441 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40441 |
56 | Microsoft Windows Storage Spaces Controller信息泄露 | CNNVD-202112-1157 | CVE-2021-43227 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43227 |
57 | 多款Microsoft产品权限许可和访问控制问题 | CNNVD-202112-1166 | CVE-2021-43226 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43226 |
58 | Microsoft Local Security Authority Server信息泄露 | CNNVD-202112-1173 | CVE-2021-43216 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43216 |
59 | Microsoft Windows Common Log File System Driver 信息泄露 | CNNVD-202112-1175 | CVE-2021-43224 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43224 |
60 | Microsoft Windows DirectX输入验证错误 | CNNVD-202112-1176 | CVE-2021-43219 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43219 |
61 | Microsoft Message Queuing 信息泄露 | CNNVD-202112-1178 | CVE-2021-43222 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43222 |
62 | Microsoft Windows Remote Access Connection Manager权限许可和访问控制问题 | CNNVD-202112-1179 | CVE-2021-43223 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43223 |
63 | Microsoft Windows Print Spooler Components权限许可和访问控制问题 | CNNVD-202112-1182 | CVE-2021-41333 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41333 |
64 | Microsoft Windows Common Log File System Driver 权限许可和访问控制问题 | CNNVD-202112-1184 | CVE-2021-43207 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43207 |
65 | Microsoft Windows Codecs Library信息泄露 | CNNVD-202112-1186 | CVE-2021-43243 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43243 |
66 | Microsoft Visual Studio 安全 | CNNVD-202112-1210 | CVE-2021-43908 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43908 |
67 | Microsoft PowerShell Utility 安全 | CNNVD-202112-1230 | CVE-2021-43896 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43896 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
