Microsoft July Security Updates: Advisory on High-Risk Vulnerabilities in Multiple Products

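1. Vulnerability Overview

On July 13, NSFOCUS CERT observed that Microsoft had released its July security update patches, fixing 84 security issues in widely used products including Windows, Microsoft Office, Windows Print Spooler Components, Windows Hyper-V and Azure Site Recovery. The fixes cover high-risk vulnerability types such as privilege escalation and remote code execution.

Of the vulnerabilities fixed in this month's update, 4 are rated Critical and 80 are rated Important, including one 0-day vulnerability:

Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047)

Affected users should install the patches as soon as possible. See the appendix for the complete list of vulnerabilities.

NSFOCUS Remote Security Assessment System (RSAS) can already detect most of the vulnerabilities in this Microsoft patch update (including the high-risk vulnerabilities CVE-2022-22047, CVE-2022-30221, CVE-2022-22029, CVE-2022-22039 and CVE-2022-22038). Users should watch for updates to the RSAS system plug-in upgrade package and upgrade to V6.0R02F01.2802 promptly. Official link: http://update.nsfocus.com/update/listRsasDetail/v/vulsys

References: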

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul

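2. Summary of Key Vulnerabilities

The vulnerabilities below were selected from this update for their broader impact, based on product popularity and vulnerability severity. Users should pay particular attention to them:

Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047):

Windows CSRSS has an elevation-of-privilege vulnerability. Because an application in CSRSS does not enforce proper security restrictions, a local attacker with low privileges can exploit the vulnerability to bypass security restrictions, elevate to SYSTEM privileges on the target system and execute arbitrary code, with no user interaction required. Microsoft states that exploitation of this vulnerability in the wild has been detected.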

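Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047

Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-22038):

Remote Procedure Call Runtime has a remote code execution vulnerability. An unauthenticated remote attacker can exploit it to execute arbitrary code on the target system. Exploitation complexity is high. Microsoft states that to successfully exploit this vulnerability, an attacker needs to make repeated exploitation attempts by sending constant or intermittent data.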

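Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038

Windows Network File System Remote Code Execution Vulnerability (CVE-2022-22029/CVE-2022-22039):

Windows Network File System has remote code execution vulnerabilities (CVE-2022-22029/CVE-2022-22039). An unauthenticated remote attacker can send specially crafted request packets to a Network File System (NFS) server, ultimately leading to arbitrary code execution on the target system. Exploitation complexity for these vulnerabilities is high. Microsoft states that to successfully exploit them, an attacker needs to make repeated exploitation attempts by sending constant or intermittent data.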

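Official advisories:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039

Windows Graphics Component Remote Code Execution Vulnerability (CVE-2022-30221):

An unauthenticated remote attacker can induce a user to connect to a malicious RDP server, ultimately leading to arbitrary code execution on the target system. Microsoft states that only operating systems with RDP 8.0 or RDP 8.1 installed are affected by this vulnerability; users who have not installed these versions of RDP on Windows 7 SP1 or Windows Server 2008 R2 SP1 are not affected.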

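Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221

Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2022-22034):

Windows Graphics Component has an elevation-of-privilege vulnerability. Because an application in Graphics Component does not enforce proper security restrictions, a local attacker with low privileges can exploit the vulnerability to bypass security restrictions and elevate to SYSTEM privileges on the target system, with no user interaction required. The CVSS score is 7.8.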

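Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22034

Active Directory Federation Services Elevation of Privilege Vulnerability (CVE-2022-30215):

Active Directory is the directory service for Windows Standard Server, Windows Enterprise Server and Windows Datacenter Server. Because of a flaw in the security restrictions of Active Directory Federation Services, in certain configurations a remote attacker with low privileges can exploit the vulnerability to bypass the Active Directory trust boundary, elevate to domain administrator privileges on the target system and execute arbitrary code.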

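Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30215

Windows Server Service Tampering Vulnerability (CVE-2022-30216):

Server Service has a service tampering vulnerability. Because an application in Windows Server does not enforce proper security restrictions, an authenticated remote attacker who uploads a specially crafted malicious certificate to the target server can ultimately execute arbitrary code on the target system, with no user interaction required.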

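Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30216

Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2022-30220):

Common Log File System Driver has an elevation-of-privilege vulnerability. Because an application in this product does not enforce proper security restrictions, a local attacker with low privileges can exploit the vulnerability to bypass security restrictions, elevate to SYSTEM privileges on the target system and execute arbitrary code, with no user interaction required. The CVSS score is 7.8.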

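Official advisory:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30220

3. Scope of Impact

The affected product versions for the key vulnerabilities are listed below. For the products affected by the other vulnerabilities, see the official advisory links.

CVE ID    Affected product versions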
CVE-2022-22038

 

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-22029

CVE-2022-22039

 

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019  (Server Core installation)

Windows Server 2019

CVE-2022-30221

 

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Remote Desktop client for Windows Desktop

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-22034

CVE-2022-30220

CVE-2022-22047

 

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2022-30215

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server, version 20H2 (Server Core Installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019  (Server Core installation)

Windows Server 2019

CVE-2022-30216

 

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

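4. Vulnerability Protection

4.1 Patch Updates

Microsoft has released security patches that fix the above vulnerabilities for supported product versions. Affected users are strongly advised to install the patches as soon as possible. Official download link:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2022-Jul

Note: Windows Update patch installation can fail because of network problems, the state of the computer environment and other causes. After installing patches, users should promptly check whether the update succeeded.

Right-click the Windows icon, select "Settings (N)", then "Update & Security" > "Windows Update", and review the messages shown on that page. You can also click "View update history" to review past updates.

For an update that did not install successfully, click the update name to go to the official Microsoft download page. Users are advised to follow the link on that page to the "Microsoft Update Catalog" website, then download and install the standalone package.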
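The update-history check above can also be scripted for hosts where clicking through Settings is impractical. The following PowerShell is an added example, not part of the original advisory; it reads the Windows Update Agent history through the Microsoft.Update.Session COM object, and the $Since default (12 July 2022, the release date of this update) is an assumption to adjust to your own patch window.

```powershell
# Added example: report Windows Update history since the July 2022 release and
# flag updates whose most recent installation attempt did not succeed.
param(
    # Assumption: start of the window to inspect; adjust to your patch cycle.
    [datetime]$Since = '2022-07-12'
)

# ResultCode values of the Windows Update Agent OperationResultCode enum.
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    Write-Warning 'Windows Update history is empty on this host.'
    return
}

# History entries carry a UTC date, a title (usually containing the KB id),
# a result code and the HRESULT of the attempt.
$history = $searcher.QueryHistory(0, $total) |
    Where-Object { $_.Date -ge $Since -and $_.Title } |
    ForEach-Object {
        [pscustomobject]@{
            Date    = $_.Date
            Result  = $resultNames[[int]$_.ResultCode]
            HResult = '0x{0:X8}' -f $_.HResult
            KB      = if ($_.Title -match 'KB\d+') { $Matches[0] } else { '' }
            Title   = $_.Title
        }
    }

# An update may fail once and succeed on retry, so judge each update by its
# latest attempt only.
$latest = $history | Group-Object Title | ForEach-Object {
    $_.Group | Sort-Object Date -Descending | Select-Object -First 1
}
$notInstalled = $latest | Where-Object { $_.Result -ne 'Succeeded' }

$latest | Sort-Object Date -Descending | Format-Table Date, Result, KB, HResult -AutoSize
if ($notInstalled) {
    Write-Warning "$(@($notInstalled).Count) update(s) need a manual install from the Microsoft Update Catalog:"
    $notInstalled | Format-List Date, Result, HResult, Title
}
```

An empty result means no update was attempted in the window at all, which on an affected system is itself a finding.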

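Appendix: Vulnerability List

Affected product | CVE ID | Vulnerability title | Severity
Microsoft Graphics Component | CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability | Critical
Windows Network File System | CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability | Critical
Windows Network File System | CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability | Critical
Windows Remote Procedure Call Runtime | CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical
AMD CPU Branch | CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion | Important
AMD CPU Branch | CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion | Important
Azure Site Recovery | CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability | Important
Azure Site Recovery | CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability | Important
Azure Site Recovery | CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Site Recovery | CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability | Important
Azure Storage Library | CVE-2022-30187 | Azure Storage Library Information Disclosure Vulnerability | Important
Microsoft Defender for Endpoint | CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability | Important
Microsoft Graphics Component | CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability | Important
Microsoft Graphics Component | CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability | Important
Microsoft Office | CVE-2022-33632 | Microsoft Office Security Feature Bypass Vulnerability | Important
Open Source Software | CVE-2022-27776 | HackerOne: CVE-2022-27776 Insufficiently protected credentials vulnerability might leak authentication or cookie header data | Important
Role: DNS Server | CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: Windows Fax Service | CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability | Important
Role: Windows Fax Service | CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability | Important
Role: Windows Hyper-V | CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability | Important
Role: Windows Hyper-V | CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability | Important
Skype for Business and Microsoft Lync | CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | Important
Windows Active Directory | CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability | Important
Windows Advanced Local Procedure Call | CVE-2022-30202 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important
Windows Advanced Local Procedure Call | CVE-2022-30224 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important
Windows Advanced Local Procedure Call | CVE-2022-22037 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability | Important
Windows BitLocker | CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability | Important
Windows BitLocker | CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability | Important
Windows Boot Manager | CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability | Important
Windows Client/Server Runtime Subsystem | CVE-2022-22026 | Windows CSRSS Elevation of Privilege Vulnerability | Important
Windows Client/Server Runtime Subsystem | CVE-2022-22049 | Windows CSRSS Elevation of Privilege Vulnerability | Important
Windows Client/Server Runtime Subsystem | CVE-2022-22047 | Windows CSRSS Elevation of Privilege Vulnerability | Important
Windows Connected Devices Platform Service | CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability | Important
Windows Credential Guard | CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | Important
Windows Fast FAT Driver | CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | Important
Windows Fax and Scan Service | CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability | Important
Windows Group Policy | CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability | Important
Windows IIS | CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability | Important
Windows IIS | CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | Important
Windows IIS | CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | Important
Windows Kernel | CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability | Important
Windows Media | CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | Important
Windows Media | CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | Important
Windows Network File System | CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability | Important
Windows Performance Counters | CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability | Important
Windows Point-to-Point Tunneling Protocol | CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | Important
Windows Portable Device Enumerator Service | CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | Important
Windows Print Spooler Components | CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Print Spooler Components | CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Print Spooler Components | CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Print Spooler Components | CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability | Important
Windows Security Account Manager | CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | Important
Windows Server Service | CVE-2022-30216 | Windows Server Service Tampering Vulnerability | Important
Windows Shell | CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability | Important
Windows Storage | CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
XBox | CVE-2022-33644 | Xbox Live Save Service Elevation of Privilege Vulnerability | Important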

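Statement

This security advisory is intended only to describe security issues that may exist. NSFOCUS provides no guarantee or commitment for this advisory. Any direct or indirect consequences and losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user; NSFOCUS and the authors of the advisory accept no liability for them.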
