
Urgent Warning on the Microsoft Office MSDT Remote Code Execution Vulnerability

[Date: 2022-06-02]

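Recently, a remote code execution vulnerability was discovered in Microsoft Office MSDT. Vulnerability ID: CVE-2022-30190; threat level: high. MSDT (Microsoft Support Diagnostics Tool) is a Windows utility used to troubleshoot problems and collect diagnostic data for professionals to analyze and resolve issues. Because it is widely deployed, the scope of the threat is correspondingly large.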

I. Affected versions:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

II. Prevention recommendations

Microsoft has released a security patch for this vulnerability. Patch link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190

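III. Emergency response recommendations

1. Immediately disconnect the compromised host system from the network to prevent further damage;

2. Preserve the relevant log information;

3. Harden the system according to the "solution" and restore the network connection only after checks confirm that the vulnerability is no longer present.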
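
Steps 2 and 3 above can be scripted on the isolated host. The following PowerShell is an added example, not part of the original advisory; the evidence path and the KB identifier are placeholders, and an elevated Windows PowerShell 5.1 session is assumed.

```powershell
# Added example: evidence preservation (step 2) and patch check (step 3).
# Assumptions: elevated session on the isolated host; $EvidenceDir and
# $RequiredKb are placeholders chosen for this example.
param(
    [string]$EvidenceDir  = 'E:\evidence',   # hypothetical removable drive
    # Placeholder: take the KB for this OS build from the MSRC page linked
    # above, and add any later cumulative update that supersedes it.
    [string[]]$RequiredKb = @('KB0000000')
)

$ErrorActionPreference = 'Stop'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $EvidenceDir "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Step 2: export event logs as .evtx before remediation changes the host.
$logs = 'Security', 'System', 'Application',
        'Microsoft-Windows-PowerShell/Operational'
foreach ($log in $logs) {
    $file = Join-Path $outDir (($log -replace '[\\/]', '_') + '.evtx')
    wevtutil.exe epl $log $file
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed for log '$log'" }
}

# Record a SHA-256 hash per export so later copies can be verified.
Get-ChildItem -Path $outDir -Filter *.evtx |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation

# Step 3: confirm that at least one acceptable update is installed before
# the network connection is restored.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$present   = @($RequiredKb | Where-Object { $installed -contains $_ })
if ($present.Count -eq 0) {
    Write-Warning "None of $($RequiredKb -join ', ') is installed. Keep the host isolated."
    exit 1
}
Write-Output "Update present: $($present -join ', '). Evidence saved to $outDir"
```

Copy the evidence folder and `manifest.csv` off the host before patching, and re-run the script after the update is installed to perform the final check.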