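A remote code execution vulnerability was recently discovered in Microsoft Office MSDT. Vulnerability ID: CVE-2022-30190; threat level: high. MSDT (Microsoft Support Diagnostics Tool) is a Windows utility used to troubleshoot problems and collect diagnostic data for professionals to analyze and resolve issues. Because the tool is widely used, the scope of the threat is large.
I. Affected versions: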
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit system
Windows 7 for x64-based Systems Service Pack
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
II. Mitigation recommendations
Microsoft has released a security patch for this vulnerability. The patch is available at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
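III. Emergency response recommendations
1. Immediately disconnect the compromised host from the network to prevent further damage;
2. Preserve the relevant log information;
3. Harden the system according to the "Solution", and restore the network connection only after checks confirm that the vulnerability is no longer present.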