CNNVD通報Microsoft Windows Support Diagnostic Tool安全漏洞
2022年06月09日
日前���,國家信息安全漏洞庫(CNNVD)正式發(fā)布了關于Microsoft Windows Support Diagnostic Tool安全漏洞(CNNVD-202205-4277、CVE-2022-30190)的情況通報���。成功利用此漏洞的攻擊者�,可在目標主機執(zhí)行惡意代碼���。Windows 11����、Windows 10 �、Windows 8、Windows 7��、Windows Server 2022���、Windows Server 2016���、Windows Server 2012、Windows Server 2008����、Windows Server version 20H2��、Windows Server 2022等多個系統(tǒng)版本均受此漏洞影響���。目前�,微軟官方發(fā)布了臨時修補措施緩解漏洞帶來的危害,請用戶及時確認是否受到漏洞影響��,盡快采取修補措施���。
漏洞介紹
Microsoft Windows Support Diagnostic Tool是美國微軟公司Windows操作系統(tǒng)內的一個程序�,用于排除故障并收集診斷數據以供技術人員分析和解決問題�。該漏洞源于Microsoft Windows Support Diagnostic Tool中的URL協(xié)議存在邏輯問題,攻擊者可誘使目標主機的應用(如word)通過Microsoft Windows Support Diagnostic Tool中的URL協(xié)議下載并打開特制的文件���,進而在目標主機執(zhí)行惡意代碼��。
危害影響
成功利用此漏洞的攻擊者����,可在目標主機執(zhí)行惡意代碼�����。以下操作系統(tǒng)版本受漏洞影響:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
修復建議
目前����,微軟官方發(fā)布了臨時修補措施緩解漏洞帶來的危害��,請用戶及時確認是否受到漏洞影響�����,盡快采取修補措施���。官方鏈接如下:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
文章來源:CNNVD
