微软4月安全更新多个产品高危漏洞通告


一、漏洞概述

4月14日,微软发布4月安全更新补丁,修复了114个安全漏洞,涉及Windows、Office、Edge (Chromium-based) 、Visual Studio Code、Exchange Server、Visual Studio、Azure等广泛使用的产品,其中包括远程代码执行和权限提升等高危漏洞类型。

本月微软月度更新修复的漏洞中,严重程度为关键(Critical)的漏洞有19个,重要(Important)漏洞有88个。请相关用户尽快更新补丁进行防护。详细漏洞列表请参考附录。

参考链接:https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr

二、重点漏洞简述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:

  • Exchange Server代码执行漏洞(CVE-2021-28480/CVE-2021-28481/CVE-2021-28482/CVE-2021-28483):

攻击者可利用上述漏洞绕过Exchange身份验证,无需用户交互即可实现命令执行。 CVE-2021-28480和CVE-2021-28481的CVSS评分为9.8分,是未授权远程代码执行漏洞,未经身份验证的攻击者利用漏洞,可在内网的Exchange服务器进行横向扩散,可能造成蠕虫级漏洞的危害。

官方通告链接:

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28480

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28481

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28482

https://msrc.microsoft.com/update-guide/en-US/security-guidance/advisory/CVE-2021-28483

  • Win32k 权限提升漏洞(CVE-2021-28310):

Win32k存在权限提升漏洞,攻击者利用此漏洞可在目标主机上以SYSTEM权限执行任意代码。目前漏洞细节已公开,且已检测到在野攻击。

官方通告链接:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28310

  • Windows Hyper-V 安全功能绕过漏洞(CVE-2021-28444):

攻击者可以绕过使用Router Guard配置的Hyper-V,将Windows配置为中间人路由器,从而实现截获流量并修改数据包。

官方通告链接:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28444

  • Windows SMB信息泄露漏洞(CVE-2021-28324/CVE-2021-28325):

Windows SMB存在两个信息泄露漏洞(CVE-2021-28324、CVE-2021-28325),攻击者可以访问内核空间中的内存内容。CVE-2021-28324无需身份验证,攻击者利用此漏洞可以未授权获取目标系统敏感信息。

官方通告链接:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28324

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28325

三、影响范围

以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。


漏洞编号 受影响产品版本
CVE-2021-28480
CVE-2021-28481
CVE-2021-28482
CVE-2021-28483
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2019 Cumulative Update 9
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2013 Cumulative Update 23
CVE-2021-28310 Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
CVE-2021-28444 Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows 8.1 for x64-based systems
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for x64-based Systems
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1803 for x64-based Systems
CVE-2021-28324 Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
CVE-2021-28325 Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019  (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016  (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems

四、漏洞防护

  • 补丁更新

目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Apr

有关内容来源于:http://blog.nsfocus.net/microsoft-monthly-202104/