尊敬的腾讯云用户,您好!
腾讯云安全运营中心监测到, 微软发布了2022年2月的例行安全更新公告,共涉及漏洞数70个,无严重级别漏洞,重要级别50个。本次发布涉及 Microsoft Windows,Microsoft Edge, Microsoft Office , SQL Server, Microsoft Dynamics, 等多个软件的安全更新。
为避免您的业务受影响,腾讯云安全建议您及时开展安全自查,如在受影响范围,请您及时进行更新修复,避免被外部攻击者入侵。
漏洞详情
在此次公告中以下漏洞需要重点关注:
CVE-2022-21984(Windows DNS 服务器远程代码执行漏洞):
漏洞CVSS评分8.8,该漏洞仅当启用动态更新(dynamic updates)时服务器才会受到影响,该配置非默认配置,默认状态下不受影响。但该配置是一种相对常用配置,部分服务器环境中可能使用该配置,如果使用,则攻击者可以完全接管您的 DNS 并以高权限执行任意代码。
CVE-2022-21989(Windows 内核权限提升漏洞):
漏洞CVSS评分7.8,攻击者可以通过低权限的 AppContainer 执行攻击,并借此提升权限并以比 AppContainer 执行环境更高的级别执行代码或访问资源。 被微软官方评级为,更有可能被利用。
风险等级
高风险
漏洞风险
攻击者利用该漏洞可导致远程代码执行等危害
影响版本
CVE-2022-21984:
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
CVE-2022-21989:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
安全版本
微软2022年2月最新补丁
修复建议
官方已发布漏洞补丁及修复版本,请评估业务是否受影响后,酌情升级至安全版本
【备注】:建议您在升级前做好数据备份工作,避免出现意外
漏洞参考
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21989
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
15104215