微软7月安全更新多个产品高危漏洞通告

阅读： 1,356

一、漏洞概述

7月13日，绿盟科技CERT监测到微软发布7月安全更新补丁，修复了84个安全问题，涉及Windows、Microsoft Office、Windows Print Spooler Components、Windows Hyper-V、Azure Site Recovery等广泛使用的产品，其中包括权限提升、远程代码执行等高危漏洞类型。

本月微软月度更新修复的漏洞中，严重程度为关键（Critical）的漏洞有4个，重要（Important）漏洞有80个，其中包括1个0day漏洞：

Windows CSRSS权限提升漏洞（CVE-2022-22047）

请相关用户尽快更新补丁进行防护，完整漏洞列表请参考附录。

绿盟远程安全评估系统（RSAS）已具备微软此次补丁更新中大部分漏洞的检测能力（包括CVE-2022-22047、CVE-2022-30221、CVE-2022-22029、CVE-2022-22039、CVE-2022-22038等高危漏洞），请相关用户关注绿盟远程安全评估系统系统插件升级包的更新，及时升级至V6.0R02F01.2802，官网链接：http://update.nsfocus.com/update/listRsasDetail/v/vulsys

参考链接：

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul

二、重点漏洞简述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞，请相关用户重点进行关注：

Windows CSRSS权限提升漏洞（CVE-2022-22047）：

Windows CSRSS存在权限提升漏洞，由于CSRSS中的应用程序未实行正确的安全限制，具有低权限的本地攻击者通过利用该漏洞绕过安全限制，从而在目标系统上提升至SYSTEM权限并执行任意代码，且无需用户交互。微软官方表示，该漏洞已被监测到存在在野利用。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047

Remote Procedure Call Runtime远程代码执行漏洞（CVE-2022-22038）：

Remote Procedure Call Runtime存在远程代码执行漏洞。未经身份验证的远程攻击者通过利用该漏洞在目标系统上任意执行代码。该漏洞的利用复杂度较高，微软官方表示：要成功利用此漏洞，攻击者需要通过发送恒定或间歇性数据来重复利用尝试。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038

Windows Network File System远程代码执行漏洞（CVE-2022-22029/CVE-2022-22039）：

Windows Network File System存在远程代码执行漏洞（CVE-2022-22029/CVE-2022-22039），未经身份验证的远程攻击者通过向网络文件系统（NFS）服务器发送特制的请求包，最终导致在目标系统上执行任意代码。以上漏洞的利用复杂度较高，微软官方表示：要成功利用漏洞，攻击者需要通过发送恒定或间歇性数据来重复利用尝试。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039

Windows Graphics Component远程代码执行漏洞（CVE-2022-30221）：

未经身份验证的远程攻击者可以通过诱导用户与恶意的RDP服务器相连接，最终导致在目标系统上任意执行代码。微软官方表示：只有安装了RDP 8.0或RDP 8.1的操作系统才会受到此漏洞的影响，如果用户没有在Windows 7 SP1或Window Server 2008 R2 SP1上安装这些版本的RDP，则不会受到该漏洞影响。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221

Windows Graphics Component权限提升漏洞（CVE-2022-22034）：

Windows Graphics Component存在权限提升漏洞，由于Graphics Component中的应用程序未实行正确的安全限制，具有低权限的本地攻击者通过利用该漏洞绕过安全限制，从而在目标系统上提升至SYSTEM权限，且无需用户交互，CVSS评分为7.8。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22034

Active Directory Federation Services权限提升漏洞（CVE-2022-30215）：

活动目录（Active Directory）是面向 Windows Standard Server、Windows Enterprie Server 以及 Windows Datacenter Server 的目录服务。由于Active Directory联合服务的安全限制存在缺陷，在特定的配置环境中，具有低权限的远程攻击者可利用该漏洞绕过Active Directory信任边界，在目标系统上提升为域管理员权限并执行任意代码。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30215

Windows Server Service篡改漏洞（CVE-2022-30216）：

Server Service存在服务篡改漏洞，由于Windows Server中的应用程序未实行正确的安全限制，经过身份验证的远程攻击者需要通过上传特制的恶意证书到目标服务器，最终可在目标系统任意执行代码，且无需用户交互。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30216

Windows Common Log File System Driver权限提升漏洞（CVE-2022-30220）：

Common Log File System Driver存在权限提升漏洞，由于该产品中的应用程序未实行正确的安全限制，具有低权限的本地攻击者通过利用该漏洞绕过安全限制，从而在目标系统上提升至SYSTEM权限并执行任意代码，且无需用户交互，CVSS评分为7.8。

官方通告链接：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30220

三、影响范围

以下为重点关注漏洞的受影响产品版本，其他漏洞影响产品范围请参阅官方通告链接。

漏洞编号

受影响产品版本

CVE-2022-22038

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-22029

CVE-2022-22039

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

CVE-2022-30221

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Remote Desktop client for Windows Desktop

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-22034

CVE-2022-30220

CVE-2022-22047

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-30215

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

CVE-2022-30216

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

四、漏洞防护

4.1 补丁更新

目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁，强烈建议受影响用户尽快安装补丁进行防护，官方下载链接：

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-Jul

注：由于网络问题、计算机环境问题等原因，Windows Update的补丁更新可能出现失败。用户在安装补丁后，应及时检查补丁是否成功更新。

右键点击Windows图标，选择“设置(N)”，选择“更新和安全”-“Windows更新”，查看该页面上的提示信息，也可点击“查看更新历史记录”查看历史更新情况。

针对未成功安装的更新，可点击更新名称跳转到微软官方下载页面，建议用户点击该页面上的链接，转到“Microsoft更新目录”网站下载独立程序包并安装。

附录：漏洞列表

影响产品	CVE编号	漏洞标题	严重程度
Microsoft Graphics Component	CVE-2022-30221	Windows 图形组件远程代码执行漏洞	Critical
Windows Network File System	CVE-2022-22029	Windows 网络文件系统远程代码执行漏洞	Critical
Windows Network File System	CVE-2022-22039	Windows 网络文件系统远程代码执行漏洞	Critical
Windows Remote Procedure Call Runtime	CVE-2022-22038	远程过程调用运行时远程代码执行漏洞	Critical
AMD CPU Branch	CVE-2022-23825	AMD：CVE-2022-23825 AMD CPU 分支类型混淆	Important
AMD CPU Branch	CVE-2022-23816	AMD：CVE-2022-23816 AMD CPU 分支类型混淆	Important
Azure Site Recovery	CVE-2022-33665	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33666	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33663	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33664	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33667	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33672	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33673	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33671	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33668	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33661	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33662	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33657	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33656	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33658	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33660	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33659	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33655	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33651	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33650	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33652	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33654	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33653	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33669	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33643	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-30181	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33676	Azure Site Recovery 远程代码执行漏洞	Important
Azure Site Recovery	CVE-2022-33677	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33678	Azure Site Recovery 远程代码执行漏洞	Important
Azure Site Recovery	CVE-2022-33642	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33674	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33675	Azure Site Recovery 特权提升漏洞	Important
Azure Site Recovery	CVE-2022-33641	Azure Site Recovery 特权提升漏洞	Important
Azure Storage Library	CVE-2022-30187	Azure 存储库信息泄露漏洞	Important
Microsoft Defender for Endpoint	CVE-2022-33637	Microsoft Defender 端点篡改漏洞	Important
Microsoft Graphics Component	CVE-2022-22034	Windows 图形组件特权提升漏洞	Important
Microsoft Graphics Component	CVE-2022-30213	Windows GDI+ 信息泄露漏洞	Important
Microsoft Office	CVE-2022-33632	Microsoft Office 安全功能绕过漏洞	Important
Open Source Software	CVE-2022-27776	HackerOne：CVE-2022-27776 凭据保护不足漏洞可能会泄漏身份验证或 cookie 标头数据	Important
Role: DNS Server	CVE-2022-30214	Windows DNS 服务器远程执行代码漏洞	Important
Role: Windows Fax Service	CVE-2022-22024	Windows 传真服务远程代码执行漏洞	Important
Role: Windows Fax Service	CVE-2022-22027	Windows 传真服务远程代码执行漏洞	Important
Role: Windows Hyper-V	CVE-2022-30223	Windows Hyper-V 信息泄露漏洞	Important
Role: Windows Hyper-V	CVE-2022-22042	Windows Hyper-V 信息泄露漏洞	Important
Skype for Business and Microsoft Lync	CVE-2022-33633	Skype for Business 和 Lync 远程代码执行漏洞	Important
Windows Active Directory	CVE-2022-30215	Active Directory 联合服务特权提升漏洞	Important
Windows Advanced Local Procedure Call	CVE-2022-30202	Windows 高级本地过程调用特权提升漏洞	Important
Windows Advanced Local Procedure Call	CVE-2022-30224	Windows 高级本地过程调用特权提升漏洞	Important
Windows Advanced Local Procedure Call	CVE-2022-22037	Windows 高级本地过程调用特权提升漏洞	Important
Windows BitLocker	CVE-2022-22711	Windows BitLocker 信息泄露漏洞	Important
Windows BitLocker	CVE-2022-22048	BitLocker 安全功能绕过漏洞	Important
Windows Boot Manager	CVE-2022-30203	Windows 启动管理器安全功能绕过漏洞	Important
Windows Client/Server Runtime Subsystem	CVE-2022-22026	Windows CSRSS 特权提升漏洞	Important
Windows Client/Server Runtime Subsystem	CVE-2022-22049	Windows CSRSS 特权提升漏洞	Important
Windows Client/Server Runtime Subsystem	CVE-2022-22047	Windows CSRSS 特权提升漏洞	Important
Windows Connected Devices Platform Service	CVE-2022-30212	Windows 连接设备平台服务信息泄露漏洞	Important
Windows Credential Guard	CVE-2022-22031	Windows Credential Guard 加入域的公钥提权漏洞	Important
Windows Fast FAT Driver	CVE-2022-22043	Windows 快速 FAT 文件系统驱动程序特权提升漏洞	Important
Windows Fax and Scan Service	CVE-2022-22050	Windows 传真服务特权提升漏洞	Important
Windows Group Policy	CVE-2022-30205	Windows 组策略特权提升漏洞	Important
Windows IIS	CVE-2022-30209	Windows IIS 服务器特权提升漏洞	Important
Windows IIS	CVE-2022-22025	Windows Internet Information Services Cachuri 模块拒绝服务漏洞	Important
Windows IIS	CVE-2022-22040	Internet 信息服务动态压缩模块拒绝服务漏洞	Important
Windows Kernel	CVE-2022-21845	Windows 内核信息泄露漏洞	Important
Windows Media	CVE-2022-22045	Windows.Devices.Picker.dll 特权提升漏洞	Important
Windows Media	CVE-2022-30225	Windows Media Player 网络共享服务提权漏洞	Important
Windows Network File System	CVE-2022-22028	Windows 网络文件系统信息泄露漏洞	Important
Windows Performance Counters	CVE-2022-22036	Windows 特权提升漏洞的性能计数器	Important
Windows Point-to-Point Tunneling Protocol	CVE-2022-30211	Windows 第 2 层隧道协议 (L2TP) 远程代码执行漏洞	Important
Windows Portable Device Enumerator Service	CVE-2022-22023	Windows 便携式设备枚举器服务安全功能绕过漏洞	Important
Windows Print Spooler Components	CVE-2022-30206	Windows 后台打印程序特权提升漏洞	Important
Windows Print Spooler Components	CVE-2022-30226	Windows 后台打印程序特权提升漏洞	Important
Windows Print Spooler Components	CVE-2022-22022	Windows 后台打印程序特权提升漏洞	Important
Windows Print Spooler Components	CVE-2022-22041	Windows 后台打印程序特权提升漏洞	Important
Windows Security Account Manager	CVE-2022-30208	Windows 安全帐户管理器 (SAM) 拒绝服务漏洞	Important
Windows Server Service	CVE-2022-30216	Windows Server 服务篡改漏洞	Important
Windows Shell	CVE-2022-30222	Windows Shell 远程代码执行漏洞	Important
Windows Storage	CVE-2022-30220	Windows 通用日志文件系统驱动程序特权提升漏洞	Important
XBox	CVE-2022-33644	Xbox Live 保存服务特权提升漏洞	Important

声明

本安全公告仅用来描述可能存在的安全问题，绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，绿盟科技以及安全公告作者不为此承担任何责任。

一、漏洞概述

二、重点漏洞简述

三、影响范围

四、漏洞防护

4.1 补丁更新

Meet The Author