通告编号:ns-2021-0015
2021-04-14
TAG:
安全更新、Windows、Office、Exchange、Edge、Visual Studio
漏洞危害:
攻击者利用本次安全更新中的漏洞,可造成信息泄露、权限提升、远程代码执行等。
版本:
1.0
1
漏洞概述
4月14日,微软发布4月安全更新补丁,修复了114个安全漏洞,涉及Windows、Office、Edge (Chromium-based) 、Visual Studio Code、Exchange Server、Visual Studio、Azure等广泛使用的产品,其中包括远程代码执行和权限提升等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有19个,重要(Important)漏洞有88个。请相关用户尽快更新补丁进行防护。详细漏洞列表请参考附录。
参考链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr
SEE MORE →
2重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Exchange Server代码执行漏洞(CVE-2021-28480/CVE-2021-28481/CVE-2021-28482/CVE-2021-28483):
攻击者可利用上述漏洞绕过Exchange身份验证,无需用户交互即可实现命令执行。CVE-2021-28480和CVE-2021-28481的CVSS评分为9.8分,是未授权远程代码执行漏洞,未经身份验证的攻击者利用漏洞,可在内网的Exchange服务器进行横向扩散,可能造成蠕虫级漏洞的危害。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28480
https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28481
https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28482
https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28483
Win32k 权限提升漏洞(CVE-2021-28310):
Win32k存在权限提升漏洞,攻击者利用此漏洞可在目标主机上以SYSTEM权限执行任意代码。目前漏洞细节已公开,且已检测到在野攻击。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310
Windows Hyper-V 安全功能绕过漏洞(CVE-2021-28444):
攻击者可以绕过使用Router Guard配置的Hyper-V,将Windows配置为中间人路由器,从而实现截获流量并修改数据包。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28444
Windows SMB信息泄露漏洞(CVE-2021-28324/CVE-2021-28325):
Windows SMB存在两个信息泄露漏洞(CVE-2021-28324、CVE-2021-28325),攻击者可以访问内核空间中的内存内容。CVE-2021-28324无需身份验证,攻击者利用此漏洞可以未授权获取目标系统敏感信息。
官方通告链接:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28324
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28325
3影响范围
以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
漏洞编号
受影响产品版本
CVE-2021-28480CVE-2021-28481CVE-2021-28482CVE-2021-28483
Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 20Microsoft Exchange Server 2013 Cumulative Update 23
CVE-2021-28310
Windows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for 32-bit Systems
CVE-2021-28444
Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows 8.1 for x64-based systemsWindows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 for x64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for x64-based SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 1803 for x64-based Systems
CVE-2021-28324
Windows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 2004 for 32-bit Systems
CVE-2021-28325
Windows 10 Version 2004 for 32-bit SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1909 for 32-bit SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 for 32-bit SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for x64-based SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows Server 2012Windows RT 8.1Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based Systems
4漏洞防护
4.1 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
影响产品
CVE 编号
漏洞标题
严重程度
Windows
CVE-2021-27095
Windows Media Video Decoder 远程代码执行漏洞
Critical
Windows
CVE-2021-28315
Windows Media Video Decoder 远程代码执行漏洞
Critical
Windows
CVE-2021-28329
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28330
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28331
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28332
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28333
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28334
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28335
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28336
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28337
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28338
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28339
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Windows
CVE-2021-28343
Remote Procedure Call Runtime 远程代码执行漏洞
Critical
Azure
CVE-2021-28460
Azure Sphere Unsigned Code Execution Vulnerability
Critical
Exchange Server
CVE-2021-28480
Microsoft Exchange Server 远程代码执行漏洞
Critical
Exchange Server
CVE-2021-28481
Microsoft Exchange Server 远程代码执行漏洞
Critical
Exchange Server
CVE-2021-28482
Microsoft Exchange Server 远程代码执行漏洞
Critical
Exchange Server
CVE-2021-28483
Microsoft Exchange Server 远程代码执行漏洞
Critical
Team Foundation Server,Azure DevOps Server
CVE-2021-27067
Azure DevOps Server and Team Foundation Server 信息披露漏洞
Important
Windows
CVE-2021-27072
Win32k 权限提升漏洞
Important
Windows
CVE-2021-27079
Windows Media Photo Codec 信息披露漏洞
Important
Windows
CVE-2021-27088
Windows Event Tracing 权限提升漏洞
Important
Windows
CVE-2021-27089
Microsoft Internet Messaging API 远程代码执行漏洞
Important
Windows
CVE-2021-27090
Windows Secure Kernel Mode 权限提升漏洞
Important
Windows
CVE-2021-27091
RPC Endpoint Mapper Service 权限提升漏洞
Important
Windows
CVE-2021-27092
Azure AD Web Sign-in 安全功能绕过漏洞
Important
Windows
CVE-2021-27093
Windows Kernel 信息披露漏洞
Important
Windows
CVE-2021-27094
Windows Early Launch Antimalware Driver 安全功能绕过漏洞
Important
Windows
CVE-2021-27096
NTFS 权限提升漏洞
Important
Windows
CVE-2021-26413
Windows Installer 欺骗漏洞
Important
Windows
CVE-2021-26415
Windows Installer 权限提升漏洞
Important
Windows
CVE-2021-26416
Windows Hyper-V 拒绝服务漏洞
Important
Windows
CVE-2021-26417
Windows Overlay Filter 信息披露漏洞
Important
Windows
CVE-2021-28309
Windows Kernel 信息披露漏洞
Important
Windows
CVE-2021-28310
Win32k 权限提升漏洞
Important
Windows
CVE-2021-28311
Windows Application Compatibility Cache 拒绝服务漏洞
Important
Microsoft Visual Studio,Windows
CVE-2021-28313
Diagnostics Hub Standard Collector Service 权限提升漏洞
Important
Windows
CVE-2021-28314
Windows Hyper-V 权限提升漏洞
Important
Windows
CVE-2021-28316
Windows WLAN AutoConfig Service 安全功能绕过漏洞
Important
Windows
CVE-2021-28317
Microsoft Windows Codecs Library 信息披露漏洞
Important
Windows
CVE-2021-28318
Windows GDI+ 信息披露漏洞
Important
Windows
CVE-2021-28319
Windows TCP/IP Driver 拒绝服务漏洞
Important
Windows
CVE-2021-28320
Windows Resource Manager PSM Service Extension 权限提升漏洞
Important
Microsoft Visual Studio,Windows
CVE-2021-28321
Diagnostics Hub Standard Collector Service 权限提升漏洞
Important
Microsoft Visual Studio,Windows
CVE-2021-28322
Diagnostics Hub Standard Collector Service 权限提升漏洞
Important
Windows
CVE-2021-28323
Windows DNS 信息披露漏洞
Important
Windows
CVE-2021-28324
Windows SMB 信息披露漏洞
Important
Windows
CVE-2021-28325
Windows SMB 信息披露漏洞
Important
Windows
CVE-2021-28326
Windows AppX Deployment Server 拒绝服务漏洞
Important
Windows
CVE-2021-28327
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28328
Windows DNS 信息披露漏洞
Important
Windows
CVE-2021-28340
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28341
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28342
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28344
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28345
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28346
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28347
Windows Speech Runtime 权限提升漏洞
Important
Windows
CVE-2021-28348
Windows GDI+ 远程代码执行漏洞
Important
Windows
CVE-2021-28349
Windows GDI+ 远程代码执行漏洞
Important
Windows
CVE-2021-28350
Windows GDI+ 远程代码执行漏洞
Important
Windows
CVE-2021-28351
Windows Speech Runtime 权限提升漏洞
Important
Windows
CVE-2021-28352
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28353
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28354
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28355
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28356
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28357
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28358
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28434
Remote Procedure Call Runtime 远程代码执行漏洞
Important
Windows
CVE-2021-28435
Windows Event Tracing 信息披露漏洞
Important
Windows
CVE-2021-28436
Windows Speech Runtime 权限提升漏洞
Important
Windows
CVE-2021-28437
Windows Installer 信息披露漏洞
Important
Windows
CVE-2021-28438
Windows Console Driver 拒绝服务漏洞
Important
Windows
CVE-2021-28439
Windows TCP/IP Driver 拒绝服务漏洞
Important
Windows
CVE-2021-28440
Windows Installer 权限提升漏洞
Important
Windows
CVE-2021-28441
Windows Hyper-V 信息披露漏洞
Important
Windows
CVE-2021-28442
Windows TCP/IP 信息披露漏洞
Important
Windows
CVE-2021-28443
Windows Console Driver 拒绝服务漏洞
Important
Windows
CVE-2021-28444
Windows Hyper-V 安全功能绕过漏洞
Important
Windows
CVE-2021-28445
Windows Network File System 远程代码执行漏洞
Important
Windows
CVE-2021-28446
Windows Portmapping 信息披露漏洞
Important
Windows
CVE-2021-28447
Windows Early Launch Antimalware Driver 安全功能绕过漏洞
Important
Visual Studio Code - Kubernetes Tools
CVE-2021-28448
Visual Studio Code Kubernetes Tools 远程代码执行漏洞
Important
Microsoft Office
CVE-2021-28449
Microsoft Office 远程代码执行漏洞
Important
Microsoft Office
CVE-2021-28450
Microsoft SharePoint Denial of Service Update
Important
Microsoft Office
CVE-2021-28451
Microsoft Excel 远程代码执行漏洞
Important
Microsoft Office
CVE-2021-28452
Microsoft Outlook 内存泄露漏洞
Important
Microsoft Office
CVE-2021-28453
Microsoft Word 远程代码执行漏洞
Important
Microsoft Office
CVE-2021-28454
Microsoft Excel 远程代码执行漏洞
Important
Microsoft Office
CVE-2021-28456
Microsoft Excel 信息披露漏洞
Important
Visual Studio Code
CVE-2021-28457
Visual Studio Code 远程代码执行漏洞
Important
Azure
CVE-2021-28458
Azure ms-rest-nodeauth Library 权限提升漏洞
Important
Azure DevOps Server
CVE-2021-28459
Azure DevOps Server 欺骗漏洞
Important
Visual Studio Code
CVE-2021-28469
Visual Studio Code 远程代码执行漏洞
Important
Visual Studio Code - GitHub Pull Requests and Issues Extension
CVE-2021-28470
Visual Studio Code GitHub Pull Requests and Issues Extension 远程代码执行漏洞
Important
Visual Studio Code
CVE-2021-28471
Remote Development Extension for Visual Studio Code 远程代码执行漏洞
Important
Visual Studio Code - Maven for Java Extension
CVE-2021-28472
Visual Studio Code Maven for Java Extension 远程代码执行漏洞
Important
Visual Studio Code
CVE-2021-28475
Visual Studio Code 远程代码执行漏洞
Important
Visual Studio Code
CVE-2021-28477
Visual Studio Code 远程代码执行漏洞
Important
Microsoft Visual Studio
CVE-2021-27064
Visual Studio Installer 权限提升漏洞
Important
Windows
CVE-2021-27086
Windows Services and Controller App 权限提升漏洞
Important
Windows
CVE-2021-28464
VP9 Video Extensions 远程代码执行漏洞
Important
Windows
CVE-2021-28466
Raw Image Extension 远程代码执行漏洞
Important
Windows
CVE-2021-28468
Raw Image Extension 远程代码执行漏洞
Important
Visual Studio Code
CVE-2021-28473
Visual Studio Code 远程代码执行漏洞
Important
Windows
CVE-2021-28312
Windows NTFS 拒绝服务漏洞
Moderate
Microsoft Edge (Chromium-based)
CVE-2021-21194
Chromium: CVE-2021-21194 Use after free in screen capture
Unknown
Microsoft Edge (Chromium-based)
CVE-2021-21195
Chromium: CVE-2021-21195 Use after free in V8
Unknown
Microsoft Edge (Chromium-based)
CVE-2021-21196
Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip
Unknown
Microsoft Edge (Chromium-based)
CVE-2021-21197
Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip
Unknown
Microsoft Edge (Chromium-based)
CVE-2021-21198
Chromium: CVE-2021-21198 Out of bounds read in IPC
Unknown
Microsoft Edge (Chromium-based)
CVE-2021-21199
Chromium: CVE-2021-21199 Use Use after free in Aura
Unknown
END
作者:绿盟科技威胁对抗能力部
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。
