

Windows SMB Security Vulnerability Alert

Windows System Security Updates

On October 10, 2017, Microsoft released its October 2017 security update bulletin, fixing multiple high-severity vulnerabilities. According to the bulletin, the affected systems range from Windows Server 2008 to Windows 10 and include:

Windows 10 1703

Windows 10 1607

Windows Server 2016

Windows 10 1511

Windows 10 RTM

Windows 8.1

Windows Server 2012 R2

Windows Server 2012

Windows 7

Windows Server 2008 R2

Windows Server 2008

Software update summary:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/summary

The release also includes client-side security updates, notably for an Office vulnerability that is already being exploited in the wild:

Internet Explorer

Microsoft Edge

Office

SharePoint

Exploitability

According to the bulletin, the CVE-2017-11780 Windows SMB (SMBv1) remote code execution vulnerability has a high exploitation success rate, and once exploit code becomes public, malicious actors could use it to build a self-propagating worm. On local networks, the CVE-2017-11771 Windows Search remote code execution vulnerability is likewise triggered remotely over an SMB connection, and a successful attack gives control of the target computer. The CVE-2017-11779 Windows DNSAPI remote code execution vulnerability can be triggered by forged responses from a malicious DNS server set up by an attacker. Exploit samples for the CVE-2017-11826 Microsoft Office memory corruption vulnerability have already been observed in attack campaigns. We recommend installing the security updates as soon as possible and applying the corresponding mitigations to keep systems running safely.

Affected Versions

The CVE-2017-11780 Windows SMB (SMBv1) remote code execution vulnerability affects the following system versions:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780

The CVE-2017-11771 Windows Search remote code execution vulnerability affects the following system versions:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771

The CVE-2017-11779 Windows DNSAPI remote code execution vulnerability affects the following system versions:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779

The CVE-2017-11826 Microsoft Office memory corruption vulnerability affects the following Office versions:

Microsoft Office Compatibility Pack Service Pack 3

Microsoft Office Online Server 2016

Microsoft Office Web Apps Server 2010 Service Pack 2

Microsoft Office Web Apps Server 2013 Service Pack 1

Microsoft Office Word Viewer

Microsoft SharePoint Enterprise Server 2016

Microsoft Word 2007 Service Pack 3

Microsoft Word 2010 Service Pack 2 (32-bit editions)

Microsoft Word 2010 Service Pack 2 (64-bit editions)

Microsoft Word 2013 RT Service Pack 1

Microsoft Word 2013 Service Pack 1 (32-bit editions)

Microsoft Word 2013 Service Pack 1 (64-bit editions)

Microsoft Word 2016 (32-bit edition)

Microsoft Word 2016 (64-bit edition)

Word Automation Services (Microsoft SharePoint Server 2013 Service Pack 1)

Word Automation Services (Microsoft SharePoint Server 2010 Service Pack 2)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826

Mitigations (Emergency Security Recommendations)

Urgent: exploit code has already appeared; we strongly recommend installing the security update patches as soon as possible.

Priority measure: on personal computers, enable the firewall to block external access to local TCP port 445; on servers, enable a security policy that restricts access to local TCP port 445 to specified IP addresses only.

Patch update: patches can be applied through the system's built-in update feature, or the specific patch can be installed on its own; find the matching version in the following Microsoft update guides:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826

Locate the corresponding system version and click "Security Update" to download the individual patch.

Secure configuration: if a system in a special environment cannot conveniently be patched, the following secure configuration can be used as a workaround.

For the CVE-2017-11780 Windows SMB (SMBv1) remote code execution vulnerability, refer to the guide on how to enable and disable SMBv1, SMBv2 and SMBv3 in Windows and Windows Server:

https://support.microsoft.com/zh-cn/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

For the CVE-2017-11771 Windows Search remote code execution vulnerability, refer to the method for disabling the WSearch service:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771

Emergency security advice: Windows SMB vulnerabilities have historically been used in serious worm outbreaks; we strongly recommend installing the security patches as soon as possible and continuing to monitor security threat developments.
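The interim mitigations above (disable SMBv1 per KB2696547, restrict TCP 445 with the firewall, disable WSearch) as one PowerShell script, added here as an example and not taken from the advisory or from Microsoft; the allowed client subnet and the `-Server` switch are assumptions, and a reboot is still needed for the SMBv1 change to take full effect.

```powershell
#Requires -RunAsAdministrator
# Added example (not part of the original advisory). Applies the advisory's
# workarounds on Windows 8.1/10 or Server 2012+; the registry fallback covers
# Windows 7 / Server 2008 R2 as documented in KB2696547.
param(
    [string[]]$AllowedSmbClients = @('10.0.0.0/24'),  # assumed admin/file-server subnet
    [switch]$Server                                   # servers keep 445 open to that subnet
)

# 1. Disable the SMBv1 server and client (CVE-2017-11780 is an SMBv1 bug).
if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
} else {
    # Older hosts: registry value from KB2696547 (takes effect after reboot).
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name SMB1 -Value 0 -Type DWord
}
sc.exe config mrxsmb10 start= disabled | Out-Null                 # SMBv1 client driver
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null

# 2. Restrict TCP 445. Windows Firewall gives explicit Block rules precedence
#    over Allow rules, so a workstation gets a plain block, while a server gets
#    the built-in file-sharing rules disabled plus one Allow rule scoped to the
#    approved clients, relying on the default inbound Block action.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
    Where-Object Direction -eq 'Inbound' | Disable-NetFirewallRule
if ($Server) {
    Set-NetFirewallProfile -All -DefaultInboundAction Block
    New-NetFirewallRule -DisplayName 'SMB 445 inbound - approved clients only' `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -RemoteAddress $AllowedSmbClients -Action Allow | Out-Null
} else {
    New-NetFirewallRule -DisplayName 'Block inbound SMB 445' `
        -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
}

# 3. Disable Windows Search (WSearch), the service behind CVE-2017-11771.
Stop-Service -Name WSearch -Force -ErrorAction SilentlyContinue
Set-Service -Name WSearch -StartupType Disabled

# 4. Report the resulting state so the change can be verified now and re-audited later.
$smb1 = if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    (Get-SmbServerConfiguration).EnableSMB1Protocol } else { 'see registry SMB1 value' }
[pscustomobject]@{
    SMB1Enabled   = $smb1
    Port445Rules  = (Get-NetFirewallPortFilter -Protocol TCP | Where-Object LocalPort -eq '445' |
                     Get-NetFirewallRule | ForEach-Object { "$($_.DisplayName) [$($_.Action)]" }) -join '; '
    WSearchStart  = (Get-Service -Name WSearch).StartType
}
```

Run it as `.\smb-mitigate.ps1` on a workstation or `.\smb-mitigate.ps1 -Server -AllowedSmbClients '10.0.0.0/24','10.0.1.5'` on a file server, and keep the printed state object as the audit record until the October 2017 patch is installed.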

Last updated: 2017-10-20 00:31:04
