Urgent Alert: Windows HTTP Protocol Stack Remote Code Execution Vulnerability
Published: 2022-01-13
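I. Security Alert
A remote code execution vulnerability was recently discovered in the Windows HTTP protocol stack, and attackers can exploit it to spread worms. HTTP is an application-layer protocol for transferring hypermedia documents, designed for communication between web browsers and web servers. The HTTP protocol stack on Windows is used by web servers running on Windows. Because it is widely deployed, the scope of the threat is large.
All key organizations are asked to take this seriously, strengthen network security protection, and ensure the secure and stable operation of network systems.
II. Event Information
(1) Event Summary
Event name: Windows HTTP Protocol Stack Remote Code Execution Vulnerability
CVE ID: CVE-2022-21907
Threat type: Remote code execution
Threat level: High
Affected versions: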
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
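(2) Vulnerability Description
A boundary error in the HTTP Trailer Support feature of the HTTP protocol stack (HTTP.sys) causes a buffer overflow. The vulnerability allows an unauthorized remote attacker to trigger the buffer overflow by sending a specially crafted HTTP request to the web server, and thereby execute arbitrary code on the target system.
(3) Scope of Impact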
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
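III. Remediation Recommendations
(1) Solution
The vendor has released an update patch, available at the following link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
IV. Emergency Response Recommendations
If you find that the vulnerability has been exploited on a system, notify our company immediately and carry out the following emergency measures:
First, immediately disconnect the compromised host from the network to prevent further damage;
Second, preserve the relevant log information;
Third, harden the system using the "Solution" above, and restore the network connection only after checks confirm that the vulnerability is no longer present.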