关注获取即时动态【风险通告】Microsoft Defender 缓冲区溢出高危漏洞通知
2021-01-13 16:00:36 来源:蓝队云 阅读量:3832我司在安全漏洞预警机制排查时发现,Microsoft官方于2021年1月12日发布了Microsoft Defender 缓冲区溢出漏洞的风险通告,该漏洞编号为CVE-2021-1647,漏洞等级:高危,漏洞评分:7.8,特将漏洞详情通告如下:
一、漏洞详情
攻击者通过构造特殊的PE文件,使得Microsoft Defender在对该文件进行解析的时候,产生缓冲区溢出,从而造成远程代码执行。目前,漏洞细节已公开,Microsoft官方已发布升级版本信息。
二、影响版本
-Microsoft:Microsoft Defender:Windows 8.1 for 32-bit systems
-Microsoft:Microsoft Defender:Windows 7 for x64-based Systems Service Pack 1
-Microsoft:Microsoft Defender:Windows 7 for 32-bit Systems Service Pack 1
-Microsoft:Microsoft Defender:Windows Server 2016 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2016
-Microsoft:Microsoft Defender:Windows 10 Version 1607 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1607 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows 10 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows Server, version 20H2 (Server Core Installation)
-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for x64-based Systems
-Microsoft:Microsoft Defender:Windows Server, version 2004 (Server Core installation)
-Microsoft:Microsoft Defender:Windows 10 Version 2004 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 2004 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 2004 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows Server, version 1909 (Server Core installation)
-Microsoft:Microsoft Defender:Windows 10 Version 1909 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1909 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1909 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows Server 2019 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2019
-Microsoft:Microsoft Defender:Windows 10 Version 1809 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1809 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1809 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1803 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1803 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1803 for 32-bit Systems
-Microsoft:Microsoft System Center 2012 Endpoint Protection
-Microsoft:Microsoft Security Essentials
-Microsoft:Microsoft System Center 2012 R2 Endpoint Protection
-Microsoft:Microsoft System Center Endpoint Protection
-Microsoft:Microsoft Defender:Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2008 for 32-bit Systems Service Pack 2
-Microsoft:Microsoft Defender:Windows RT 8.1
-Microsoft:Microsoft Defender:Windows 8.1 for x64-based systems
-Microsoft:Microsoft Defender:Windows Server 2012 R2 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2012 R2
-Microsoft:Microsoft Defender:Windows Server 2012 (Server Core installation)
三、修复建议
微软官方已更新受影响软件的安全补丁,用户可根据不同版本系统下载安装对应的安全补丁,安全更新链接如下:https://www.landui.com/update-guide/en-us/vulnerability/CVE-2021-1647
四、高危风险重要提醒
1. 请您及时进行Microsoft Windows版本检查、更新;
2. 请您保持Windows server / Windows 检测并开启自动更新功能;Windows自动更新流程如下:
1) 点击开始菜单,在弹出的菜单中选择“控制面板”进行下一步。
2) 点击控制面板页面中的“系统和安全”,进入设置。
3) 在弹出的新的界面中选择“windows update”中的“启用或禁用自动更新”。
4) 然后进入设置窗口,展开下拉菜单项,选择其中的自动安装更新(推荐)。
3. 请您在安全管理中养成数据备份的好习惯,做好数据备份工作,避免因数据丢失给您带来的损失。
7X24技术支持热线:0871-63886388
24小时值班QQ : 4001544001
