微软5月安全更新多个产品高危漏洞通告

一、漏洞概述

5月11日,绿盟科技CERT监测到微软发布5月安全更新补丁,修复了75个安全问题,涉及Windows、Active Directory、Print Spooler、Remote Desktop Client等广泛使用的产品,其中包括权限提升、远程代码执行等高危漏洞类型。

本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有8个,重要(Important)漏洞有67个,其中包括3个0day漏洞:

Windows LSA 欺骗漏洞(CVE-2022-26925)

Windows Hyper-V拒绝服务漏洞(CVE-2022-22713)

Magnitude Simba Amazon Redshift ODBC驱动程序中的漏洞(CVE-2022-29972)

请相关用户尽快更新补丁进行防护,完整漏洞列表请参考附录。

绿盟远程安全评估系统(RSAS)已具备微软此次补丁更新中大部分漏洞的检测能力(包括CVE-2022-26923CVE-2022-29142CVE-2022-26937CVE-2022-22017等高危漏洞),请相关用户关注绿盟远程安全评估系统系统插件升级包的更新,及时升级至V6.0R02F01.2706,官网链接:http://update.nsfocus.com/update/listRsasDetail/v/vulsys

 

参考链接:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-May

二、重点漏洞简述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:

Active Directory Domain Services权限提升漏洞(CVE-2022-26923):

活动目录(Active Directory)是面向 Windows Standard Server、Windows Enterprie Server 以及 Windows Datacenter Server 的目录服务。由于Active Directory域服务的安全限制存在缺陷,当 Active Directory证书服务在域上运行时,经过身份验证的远程攻击者可利用该漏洞对所管理的计算机帐户的属性进行操作,并从 Active Directory 证书服务获取允许权限提升的证书,从而在目标系统上提升为管理员权限并执行任意代码。CVSS评分为8.8。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923

 

Windows LSA 欺骗漏洞(CVE-2022-26925):

Windows LSA 服务中存在欺骗漏洞,未经身份验证的攻击者可以调用 LSARPC 接口上的方法并强制域控制器使用 NTLM 向攻击者进行身份验证,最终导致目标系统崩溃,且无需用户交互。目前该漏洞已被监测到存在在野利用,CVSS评分为8.1。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925

 

Windows Kernel权限提升漏洞(CVE-2022-29142):

Windows Kernel中存在权限提升漏洞,普通用户权限的本地攻击者可利用该漏洞提升至SYSTEM 权限,最终可实现在目标系统上任意执行代码,且无需用户交互。CVSS评分为7.0。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29142

 

Magnitude Simba Amazon Redshift ODBC 驱动程序远程代码执行漏洞(CVE-2022-29972):

该漏洞存在于用于连接 Amazon Redshift 的第三方 ODBC 数据连接器、Azure Synapse Pipelines 的集成运行时基础结构 (IR) 和 Azure 数据工厂中。经过身份验证的远程攻击者可以在跨集成运行时执行任意代码,且无需用户交互。目前该漏洞已被公开披露。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972

 

Windows Kerberos 权限提升漏洞(CVE-2022-26931):

由于Windows Kerberos中的应用程序未实行正确的安全限制,具有低权限的远程攻击者通过利用该漏洞绕过安全限制,从而在目标系统上提升至SYSTEM权限,且无需用户交互。CVSS评分为7.5。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931

 

Windows Network File System远程代码执行漏洞(CVE-2022-26937):

Windows Network File System存在远程代码执行漏洞,由于对Windows Network File System中用户提供的输入的验证不充分,无需进行身份验证的远程攻击者可利用该漏洞向目标系统发送特制的NFS请求,最终导致在目标系统上任意执行代码,且无需用户交互。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937

 

Point-to-Point Tunneling Protocol远程代码执行漏洞(CVE-2022-23270/CVE-2022-21972):

Point-to-Point Tunneling Protocol中存在远程代码执行漏洞,未经身份验证的远程攻击者通过向 RAS 服务器发送特制的连接请求,最终导致在RAS服务器计算机上执行任意代码。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23270

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972

 

Remote Desktop Client远程代码执行漏洞(CVE-2022-22017):

在远程桌面连接的情况下,当受害者的远程桌面客户端与攻击服务器连接时,控制远程桌面服务器的攻击者可以在 RDP 客户端计算机上触发该漏洞,从而在目标系统上以用户权限执行任意代码。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017

 

Microsoft SharePoint Server 远程代码执行漏洞(CVE-2022-29108):

Microsoft SharePoint Server存在远程代码执行漏洞。由于Microsoft SharePoint Server中的输入验证存在缺陷。经过身份验证的远程攻击者通过向服务器发送特制请求,最终导致在目标服务器上执行任意代码。成功利用此漏洞可能会导致易受攻击的系统完全攻陷。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108

 

Windows Print Spooler权限提升漏洞(CVE-2022-29132/CVE-2022-29104):

Windows Print Spooler中存在权限提升漏洞,由于应用程序没有在Windows Print Spooler中正确施加安全限制,经过身份验证的本地攻击者利用该漏洞在目标系统上以SYSTEM权限执行任意代码。

官方通告链接:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29104

三、影响范围

以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。

漏洞编号 受影响产品版本
CVE-2022-26923

 

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows RT 8.1

Windows 8.1 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-29142

 

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

CVE-2022-29972 Self-hosted Integration Runtime
CVE-2022-26931

CVE-2022-21972

CVE-2022-23270

CVE-2022-21972

CVE-2022-29132

CVE-2022-26925

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based Systems-based systems

Windows 8.1 for 32-bit Systems-based systems

Windows 7 for x64-based Systems-based Systems Service Pack 1

Windows 7 for 32-bit Systems-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems-based Systems

Windows 10 Version 1607 for 32-bit Systems-bit Systems

Windows 10 for x64-based Systems-based Systems-based Systems

Windows 10 for 32-bit Systems-bit Systems

Windows 10 Version 21H2 for x64-based Systems-based Systems

Windows 10 Version 21H2 for ARM64-based Systems-based Systems

Windows 10 Version 21H2 for 32-bit Systems-bit Systems

Windows 11 for ARM64-based Systems-based Systems

Windows 11 for x64-based Systems-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems-based Systems

Windows 10 Version 20H2 for 32-bit Systems-bit Systems

Windows 10 Version 20H2 for x64-based Systems-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems-based Systems

Windows 10 Version 21H1 for x64-based Systems-based Systems

Windows 10 Version 1909 for ARM64-based Systems-based Systems

Windows 10 Version 1909 for x64-based Systems-based Systems

Windows 10 Version 1909 for 32-bit Systems-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems-based Systems

Windows 10 Version 1809 for x64-based Systems-based Systems

Windows 10 Version 1809 for 32-bit Systems-bit Systems

CVE-2022-26937 Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019  (Server Core installation)

Windows Server 2019

CVE-2022-22017 Windows 11 for ARM64-based Systems-based Systems

Windows 11 for x64-based Systems-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Remote Desktop client for Windows Desktop

CVE-2022-29108 Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server Subscription Edition

Microsoft SharePoint Server 2019

Microsoft SharePoint Enterprise Server 2016

CVE-2022-29104 Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

 

四、漏洞防护

4.1 补丁更新

目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-May

注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。

右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。

针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。

附录:漏洞列表

影响产品 CVE编号 漏洞标题 严重程度
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29130 Windows LDAP 远程代码执行漏洞 Critical
Windows Network File System CVE-2022-26937 Windows 网络文件系统远程代码执行漏洞 Critical
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-22012 Windows LDAP 远程代码执行漏洞 Critical
Visual Studio Code CVE-2022-30129 Visual Studio Code 远程执行代码漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29141 Windows LDAP 远程代码执行漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29139 Windows LDAP 远程代码执行漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29137 Windows LDAP 远程代码执行漏洞 Important
Windows Kernel CVE-2022-29133 Windows 内核特权提升漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29131 Windows LDAP 远程代码执行漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29129 Windows LDAP 远程代码执行漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-29128 Windows LDAP 远程代码执行漏洞 Important
Microsoft Office SharePoint CVE-2022-29108 Microsoft SharePoint Server 远程执行代码漏洞 Important
Microsoft Graphics Component CVE-2022-26927 Windows 图形组件远程执行代码漏洞 Important
Windows Active Directory CVE-2022-26923 Active Directory Domain Services Elevation of Privilege Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2022-22019 远程过程调用运行时远程执行代码漏洞 Important
Remote Desktop Client CVE-2022-22017 远程桌面客户端远程执行代码漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-22014 Windows LDAP 远程代码执行漏洞 Important
Windows LDAP – Lightweight Directory Access Protocol CVE-2022-22013 Windows LDAP 远程代码执行漏洞 Important
Windows Storage Spaces Controller CVE-2022-26932 储存空间直接特权提升漏洞 Important
Microsoft Exchange Server CVE-2022-21978 Microsoft Exchange Server 特权提升漏洞 Important
Microsoft Local Security Authority Server (lsasrv) CVE-202226925 Windows LSA 欺骗漏洞 Important
Windows Point-to-Point Tunneling Protocol CVE-2022-23270 点对点隧道协议远程代码执行漏洞 Important
Windows Point-to-Point Tunneling Protocol CVE-2022-21972 点对点隧道协议远程代码执行漏洞 Important
Visual Studio CVE-2022-29148 Visual Studio 远程执行代码漏洞 Important
Windows Print Spooler Components CVE-2022-29132 Windows 打印后台处理程序特权提升漏洞 Important
Role: Windows Fax Service CVE-2022-29115 Windows 传真服务远程代码执行漏洞 Important
Windows Media CVE-2022-29113 Windows Digital Media Receiver 特权提升漏洞 Important
Microsoft Office Excel CVE-202229110 Microsoft Excel 远程执行代码漏洞 Important
Microsoft Office Excel CVE-2022-29109 Microsoft Excel 远程执行代码漏洞 Important
Windows Media CVE-2022-29105 Microsoft Windows Media Foundation 远程执行代码漏洞 Important
Windows Print Spooler Components CVE-2022-29104 Windows 打印后台处理程序特权提升漏洞 Important
Windows Remote Access Connection Manager CVE-2022-29103 Windows 远程访问连接管理器特权提升漏洞 Important
Windows Address Book CVE-2022-26926 Windows 通讯簿远程执行代码漏洞 Important
Windows PowerShell CVE-2022-26788 PowerShell 权限提升漏洞 Important
Visual Studio CVE-2022-24513 Visual Studio 特权提升漏洞 Important
.NET and Visual Studio CVE-2022-29145 .NET 和 Visual Studio 拒绝服务漏洞 Important
.NET and Visual Studio CVE-2022-29117 .NET 和 Visual Studio 拒绝服务漏洞 Important
Windows Kerberos CVE-2022-26931 Windows Kerberos 特权提升漏洞 Important
.NET and Visual Studio CVE-2022-23267 .NET 和 Visual Studio 拒绝服务漏洞 Important
Windows Authentication Methods CVE-2022-26913 Windows 身份验证安全功能绕过漏洞 Important
Windows Cluster Shared Volume (CSV) CVE-2022-29151 Windows 群集共享卷 (CSV) 权限提升漏洞 Important
Windows Cluster Shared Volume (CSV) CVE-2022-29150 Windows 群集共享卷 (CSV) 权限提升漏洞 Important
Windows Kernel CVE-2022-29142 Windows 内核特权提升漏洞 Important
Windows Cluster Shared Volume (CSV) CVE-2022-29138 Windows 群集共享卷权限提升漏洞 Important
Windows Cluster Shared Volume (CSV) CVE-2022-29135 Windows 群集共享卷 (CSV) 权限提升漏洞 Important
Tablet Windows User Interface CVE-2022-29126 Tablet Windows 用户界面应用程序核心特权提升漏洞 Important
Windows Push Notifications CVE-2022-29125 Windows 推送通知应用程序特权提升漏洞 Important
Role: Windows Hyper-V CVE-2022-29106 Windows Hyper-V 共享虚拟硬盘特权提升漏洞 Important
Windows Storage Spaces Controller CVE-2022-26939 储存空间直接特权提升漏洞 Important
Windows Storage Spaces Controller CVE-2022-26938 储存空间直接特权提升漏洞 Important
Microsoft Windows ALPC CVE-2022-23279 Windows ALPC 特权提升漏洞 Important
Windows Media CVE-2022-22016 Windows PlayToManager 特权提升漏洞 Important

 

声明

本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。

绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。

Spread the word. Share this post!

Meet The Author