

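Windows SMB Security Vulnerability Alert

Windows System Security Updates

On October 10, 2017, Microsoft released its October 2017 security update bulletin, fixing multiple high-risk vulnerabilities. According to the bulletin, the affected systems range from Windows Server 2008 through Windows 10 and include: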

Windows 10 1703

Windows 10 1607

Windows Server 2016

Windows 10 1511

Windows 10 RTM

Windows 8.1

Windows Server 2012 R2

Windows Server 2012

Windows 7

Windows Server 2008 R2

Windows Server 2008

Software update summary:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/summary

The release also includes client-side security updates, notably for an Office vulnerability that is already being exploited:

Internet Explorer

Microsoft Edge

Office

SharePoint

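Exploitability

According to the bulletin, the Windows SMB (SMBv1) remote code execution vulnerability CVE-2017-11780 has a high attack success rate, and once exploit code becomes public, malicious attackers may use it to build a self-propagating worm. On a local network, the Windows Search remote code execution vulnerability CVE-2017-11771 can also be triggered remotely over an SMB connection, and a successful attack gives control of the target computer. The Windows DNSAPI remote code execution vulnerability CVE-2017-11779 can likewise be attacked through forged responses from a malicious DNS server set up by an attacker. Exploit samples for the Microsoft Office memory corruption vulnerability CVE-2017-11826 have already appeared in attack campaigns. We recommend installing the security updates as soon as possible and applying the corresponding mitigations to keep systems running securely.

Affected versions

The Windows SMB (SMBv1) remote code execution vulnerability CVE-2017-11780 affects the following system versions: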

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780

The Windows Search remote code execution vulnerability CVE-2017-11771 affects the following system versions:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771

The Windows DNSAPI remote code execution vulnerability CVE-2017-11779 affects the following system versions:

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1511 for 32-bit Systems

Windows 10 Version 1511 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779

The Microsoft Office memory corruption vulnerability CVE-2017-11826 affects the following Office versions:

Microsoft Office Compatibility Pack Service Pack 3

Microsoft Office Online Server 2016

Microsoft Office Web Apps Server 2010 Service Pack 2

Microsoft Office Web Apps Server 2013 Service Pack 1

Microsoft Office Word Viewer

Microsoft SharePoint Enterprise Server 2016

Microsoft Word 2007 Service Pack 3

Microsoft Word 2010 Service Pack 2 (32-bit editions)

Microsoft Word 2010 Service Pack 2 (64-bit editions)

Microsoft Word 2013 RT Service Pack 1

Microsoft Word 2013 Service Pack 1 (32-bit editions)

Microsoft Word 2013 Service Pack 1 (64-bit editions)

Microsoft Word 2016 (32-bit edition)

Microsoft Word 2016 (64-bit edition)

Word Automation Services (Microsoft SharePoint Server 2013 Service Pack 1)

Word Automation Services (Microsoft SharePoint Server 2010 Service Pack 2)

Microsoft update guide:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826

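Mitigations (emergency security recommendations, etc.)

Urgent: attack code has already appeared; we strongly recommend installing the security updates as soon as possible.

Priority measure: on personal computers, enable the firewall to block external access to local TCP port 445; on servers, enable a security policy that restricts access to local TCP port 445 to specified IP addresses.

Patching: patches can be installed through the system's built-in update feature, or the specific patch can be installed on its own. For the corresponding versions, see the following Microsoft update guides: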

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11780

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11779

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11826

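Find the matching system version and click "Security Update" to download the standalone patch.

Security configuration: if systems in certain special environments cannot conveniently be patched, the following security configuration can be used as a workaround.

For the Windows SMB (SMBv1) remote code execution vulnerability CVE-2017-11780, see the guide on how to enable and disable SMBv1, SMBv2 and SMBv3 in Windows and Windows Server: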

https://support.microsoft.com/zh-cn/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and

For the Windows Search remote code execution vulnerability CVE-2017-11771, see the method for disabling the WSearch service:

https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2017-11771
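
The priority measure and the two workarounds above, combined into one script. This is an added example, not part of the original advisory or of Microsoft's guidance pages; the firewall rule name and the -AllowedSmbClients parameter are assumptions made for illustration. Without -Apply it only reports the current state.

```powershell
# Added example (not from the original advisory). Run from an elevated prompt.
# Default: report only. -Apply: make the changes the advisory describes.
param(
    [switch]$Apply,
    # Assumption: hosts allowed to reach TCP 445 on a server; leave empty on a PC to block all.
    [string[]]$AllowedSmbClients = @()
)
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$hasSmb = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)
$hasFw  = [bool](Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue)

# SMBv1 server state (CVE-2017-11780). Windows 7 / Server 2008 R2 and earlier only
# expose the registry value, and a missing value means SMBv1 is enabled.
if ($hasSmb) { $smb1On = (Get-SmbServerConfiguration).EnableSMB1Protocol }
else {
    $reg = Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue
    $smb1On = (-not $reg) -or ($reg.SMB1 -ne 0)
}
# Windows Search service (CVE-2017-11771)
$ws = Get-Service -Name WSearch -ErrorAction SilentlyContinue
# Enabled inbound allow rules that cover TCP 445
$open445 = @()
if ($hasFw) {
    $open445 = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '445' } | Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
}
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Smb1ServerOn  = $smb1On
    WSearchStatus = $(if ($ws) { $ws.Status } else { 'NotInstalled' })
    Allow445Rules = $open445.Count
}
if (-not $Apply) { return }

if ($smb1On) {
    if ($hasSmb) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
    else { Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0 }  # needs a restart
}
if ($ws) {
    Stop-Service -Name WSearch -Force
    Set-Service  -Name WSearch -StartupType Disabled
}
if ($hasFw) {
    if ($AllowedSmbClients.Count -gt 0) {
        # Server: narrow the existing allow rules to the named clients
        $open445 | Set-NetFirewallRule -RemoteAddress $AllowedSmbClients
    } else {
        # PC: block all inbound TCP 445 (block rules take precedence over allow rules)
        New-NetFirewallRule -DisplayName 'Block inbound SMB 445 (example)' -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
}
```

Firewall rules delivered by Group Policy cannot be changed from the local store, so on domain-managed hosts the port 445 restriction has to be made in the policy itself.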

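Emergency security recommendation: Windows SMB vulnerabilities have historically led to severe worm-propagation attacks. We strongly recommend installing the security patches as soon as possible and continuing to follow security threat developments.

Last updated: 2017-10-20 00:31:04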