一、漏洞概述
5月11日,绿盟科技CERT监测到微软发布5月安全更新补丁,修复了75个安全问题,涉及Windows、Active Directory、Print Spooler、Remote Desktop Client等广泛使用的产品,其中包括权限提升、远程代码执行等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有8个,重要(Important)漏洞有67个,其中包括3个0day漏洞:
Windows LSA 欺骗漏洞(CVE-2022-26925)
Windows Hyper-V拒绝服务漏洞(CVE-2022-22713)
Magnitude Simba Amazon Redshift ODBC驱动程序中的漏洞(CVE-2022-29972)
请相关用户尽快更新补丁进行防护,完整漏洞列表请参考附录。
绿盟远程安全评估系统(RSAS)已具备微软此次补丁更新中大部分漏洞的检测能力(包括CVE-2022-26923、CVE-2022-29142、CVE-2022-26937、CVE-2022-22017等高危漏洞),请相关用户关注绿盟远程安全评估系统系统插件升级包的更新,及时升级至V6.0R02F01.2706,官网链接:http://update.nsfocus.com/update/listRsasDetail/v/vulsys
参考链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-May
二、重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Active Directory Domain Services权限提升漏洞(CVE-2022-26923):
活动目录(Active Directory)是面向 Windows Standard Server、Windows Enterprie Server 以及 Windows Datacenter Server 的目录服务。由于Active Directory域服务的安全限制存在缺陷,当 Active Directory证书服务在域上运行时,经过身份验证的远程攻击者可利用该漏洞对所管理的计算机帐户的属性进行操作,并从 Active Directory 证书服务获取允许权限提升的证书,从而在目标系统上提升为管理员权限并执行任意代码。CVSS评分为8.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923
Windows LSA 欺骗漏洞(CVE-2022-26925):
Windows LSA 服务中存在欺骗漏洞,未经身份验证的攻击者可以调用 LSARPC 接口上的方法并强制域控制器使用 NTLM 向攻击者进行身份验证,最终导致目标系统崩溃,且无需用户交互。目前该漏洞已被监测到存在在野利用,CVSS评分为8.1。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925
Windows Kernel权限提升漏洞(CVE-2022-29142):
Windows Kernel中存在权限提升漏洞,普通用户权限的本地攻击者可利用该漏洞提升至SYSTEM 权限,最终可实现在目标系统上任意执行代码,且无需用户交互。CVSS评分为7.0。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29142
Magnitude Simba Amazon Redshift ODBC 驱动程序远程代码执行漏洞(CVE-2022-29972):
该漏洞存在于用于连接 Amazon Redshift 的第三方 ODBC 数据连接器、Azure Synapse Pipelines 的集成运行时基础结构 (IR) 和 Azure 数据工厂中。经过身份验证的远程攻击者可以在跨集成运行时执行任意代码,且无需用户交互。目前该漏洞已被公开披露。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972
Windows Kerberos 权限提升漏洞(CVE-2022-26931):
由于Windows Kerberos中的应用程序未实行正确的安全限制,具有低权限的远程攻击者通过利用该漏洞绕过安全限制,从而在目标系统上提升至SYSTEM权限,且无需用户交互。CVSS评分为7.5。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931
Windows Network File System远程代码执行漏洞(CVE-2022-26937):
Windows Network File System存在远程代码执行漏洞,由于对Windows Network File System中用户提供的输入的验证不充分,无需进行身份验证的远程攻击者可利用该漏洞向目标系统发送特制的NFS请求,最终导致在目标系统上任意执行代码,且无需用户交互。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937
Point-to-Point Tunneling Protocol远程代码执行漏洞(CVE-2022-23270/CVE-2022-21972):
Point-to-Point Tunneling Protocol中存在远程代码执行漏洞,未经身份验证的远程攻击者通过向 RAS 服务器发送特制的连接请求,最终导致在RAS服务器计算机上执行任意代码。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23270
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972
Remote Desktop Client远程代码执行漏洞(CVE-2022-22017):
在远程桌面连接的情况下,当受害者的远程桌面客户端与攻击服务器连接时,控制远程桌面服务器的攻击者可以在 RDP 客户端计算机上触发该漏洞,从而在目标系统上以用户权限执行任意代码。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017
Microsoft SharePoint Server 远程代码执行漏洞(CVE-2022-29108):
Microsoft SharePoint Server存在远程代码执行漏洞。由于Microsoft SharePoint Server中的输入验证存在缺陷。经过身份验证的远程攻击者通过向服务器发送特制请求,最终导致在目标服务器上执行任意代码。成功利用此漏洞可能会导致易受攻击的系统完全攻陷。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108
Windows Print Spooler权限提升漏洞(CVE-2022-29132/CVE-2022-29104):
Windows Print Spooler中存在权限提升漏洞,由于应用程序没有在Windows Print Spooler中正确施加安全限制,经过身份验证的本地攻击者利用该漏洞在目标系统上以SYSTEM权限执行任意代码。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29104
三、影响范围
以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
漏洞编号 | 受影响产品版本 |
CVE-2022-26923
|
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 Windows RT 8.1 Windows 8.1 for x64-based Systems Windows 8.1 for 32-bit Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2022-29142
|
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems |
CVE-2022-29972 | Self-hosted Integration Runtime |
CVE-2022-26931
CVE-2022-21972 CVE-2022-23270 CVE-2022-21972 CVE-2022-29132 CVE-2022-26925 |
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based Systems-based systems Windows 8.1 for 32-bit Systems-based systems Windows 7 for x64-based Systems-based Systems Service Pack 1 Windows 7 for 32-bit Systems-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems-based Systems Windows 10 Version 1607 for 32-bit Systems-bit Systems Windows 10 for x64-based Systems-based Systems-based Systems Windows 10 for 32-bit Systems-bit Systems Windows 10 Version 21H2 for x64-based Systems-based Systems Windows 10 Version 21H2 for ARM64-based Systems-based Systems Windows 10 Version 21H2 for 32-bit Systems-bit Systems Windows 11 for ARM64-based Systems-based Systems Windows 11 for x64-based Systems-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems-based Systems Windows 10 Version 20H2 for 32-bit Systems-bit Systems Windows 10 Version 20H2 for x64-based Systems-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems-bit Systems Windows 10 Version 21H1 for ARM64-based Systems-based Systems Windows 10 Version 21H1 for x64-based Systems-based Systems Windows 10 Version 1909 for ARM64-based Systems-based Systems Windows 10 Version 1909 for x64-based Systems-based Systems Windows 10 Version 1909 for 32-bit Systems-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems-based Systems Windows 10 Version 1809 for x64-based Systems-based Systems Windows 10 Version 1809 for 32-bit Systems-bit Systems |
CVE-2022-26937 | Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Windows Server 2008 for x64-based Systems Windows Server 2008 for x64-based Systems Windows Server 2008 for 32-bit Systems Windows Server 2008 for 32-bit Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server, version 20H2 (Server Core Installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 |
CVE-2022-22017 | Windows 11 for ARM64-based Systems-based Systems
Windows 11 for x64-based Systems-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Remote Desktop client for Windows Desktop |
CVE-2022-29108 | Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
CVE-2022-29104 | Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows RT 8.1 Windows 8.1 for x64-based Systems Windows 8.1 for 32-bit Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
四、漏洞防护
4.1 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-May
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
影响产品 | CVE编号 | 漏洞标题 | 严重程度 |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29130 | Windows LDAP 远程代码执行漏洞 | Critical |
Windows Network File System | CVE-2022-26937 | Windows 网络文件系统远程代码执行漏洞 | Critical |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-22012 | Windows LDAP 远程代码执行漏洞 | Critical |
Visual Studio Code | CVE-2022-30129 | Visual Studio Code 远程执行代码漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29141 | Windows LDAP 远程代码执行漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29139 | Windows LDAP 远程代码执行漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29137 | Windows LDAP 远程代码执行漏洞 | Important |
Windows Kernel | CVE-2022-29133 | Windows 内核特权提升漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29131 | Windows LDAP 远程代码执行漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29129 | Windows LDAP 远程代码执行漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-29128 | Windows LDAP 远程代码执行漏洞 | Important |
Microsoft Office SharePoint | CVE-2022-29108 | Microsoft SharePoint Server 远程执行代码漏洞 | Important |
Microsoft Graphics Component | CVE-2022-26927 | Windows 图形组件远程执行代码漏洞 | Important |
Windows Active Directory | CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important |
Windows Remote Procedure Call Runtime | CVE-2022-22019 | 远程过程调用运行时远程执行代码漏洞 | Important |
Remote Desktop Client | CVE-2022-22017 | 远程桌面客户端远程执行代码漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-22014 | Windows LDAP 远程代码执行漏洞 | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2022-22013 | Windows LDAP 远程代码执行漏洞 | Important |
Windows Storage Spaces Controller | CVE-2022-26932 | 储存空间直接特权提升漏洞 | Important |
Microsoft Exchange Server | CVE-2022-21978 | Microsoft Exchange Server 特权提升漏洞 | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2022–26925 | Windows LSA 欺骗漏洞 | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-23270 | 点对点隧道协议远程代码执行漏洞 | Important |
Windows Point-to-Point Tunneling Protocol | CVE-2022-21972 | 点对点隧道协议远程代码执行漏洞 | Important |
Visual Studio | CVE-2022-29148 | Visual Studio 远程执行代码漏洞 | Important |
Windows Print Spooler Components | CVE-2022-29132 | Windows 打印后台处理程序特权提升漏洞 | Important |
Role: Windows Fax Service | CVE-2022-29115 | Windows 传真服务远程代码执行漏洞 | Important |
Windows Media | CVE-2022-29113 | Windows Digital Media Receiver 特权提升漏洞 | Important |
Microsoft Office Excel | CVE-2022–29110 | Microsoft Excel 远程执行代码漏洞 | Important |
Microsoft Office Excel | CVE-2022-29109 | Microsoft Excel 远程执行代码漏洞 | Important |
Windows Media | CVE-2022-29105 | Microsoft Windows Media Foundation 远程执行代码漏洞 | Important |
Windows Print Spooler Components | CVE-2022-29104 | Windows 打印后台处理程序特权提升漏洞 | Important |
Windows Remote Access Connection Manager | CVE-2022-29103 | Windows 远程访问连接管理器特权提升漏洞 | Important |
Windows Address Book | CVE-2022-26926 | Windows 通讯簿远程执行代码漏洞 | Important |
Windows PowerShell | CVE-2022-26788 | PowerShell 权限提升漏洞 | Important |
Visual Studio | CVE-2022-24513 | Visual Studio 特权提升漏洞 | Important |
.NET and Visual Studio | CVE-2022-29145 | .NET 和 Visual Studio 拒绝服务漏洞 | Important |
.NET and Visual Studio | CVE-2022-29117 | .NET 和 Visual Studio 拒绝服务漏洞 | Important |
Windows Kerberos | CVE-2022-26931 | Windows Kerberos 特权提升漏洞 | Important |
.NET and Visual Studio | CVE-2022-23267 | .NET 和 Visual Studio 拒绝服务漏洞 | Important |
Windows Authentication Methods | CVE-2022-26913 | Windows 身份验证安全功能绕过漏洞 | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-29151 | Windows 群集共享卷 (CSV) 权限提升漏洞 | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-29150 | Windows 群集共享卷 (CSV) 权限提升漏洞 | Important |
Windows Kernel | CVE-2022-29142 | Windows 内核特权提升漏洞 | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-29138 | Windows 群集共享卷权限提升漏洞 | Important |
Windows Cluster Shared Volume (CSV) | CVE-2022-29135 | Windows 群集共享卷 (CSV) 权限提升漏洞 | Important |
Tablet Windows User Interface | CVE-2022-29126 | Tablet Windows 用户界面应用程序核心特权提升漏洞 | Important |
Windows Push Notifications | CVE-2022-29125 | Windows 推送通知应用程序特权提升漏洞 | Important |
Role: Windows Hyper-V | CVE-2022-29106 | Windows Hyper-V 共享虚拟硬盘特权提升漏洞 | Important |
Windows Storage Spaces Controller | CVE-2022-26939 | 储存空间直接特权提升漏洞 | Important |
Windows Storage Spaces Controller | CVE-2022-26938 | 储存空间直接特权提升漏洞 | Important |
Microsoft Windows ALPC | CVE-2022-23279 | Windows ALPC 特权提升漏洞 | Important |
Windows Media | CVE-2022-22016 | Windows PlayToManager 特权提升漏洞 | Important |
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。