CVE-2021-1675（Windows Print Spooler 远程命令执行漏洞）漏洞通告 | PoC公开

本月微软官方发布安全补丁更新，修复了一处存在于 WindowsPrint Spooler的远程命令执行漏洞，CVE编号为CVE-2021-1675，攻击者可以绕过安全检查并写入恶意驱动程序。6月29日，该漏洞PoC被公开，火绒已在6月9日/10日对个人版/企业版进行了补丁推送。鉴于该漏洞有被利用的可能，我们建议用户尽快使用火绒漏洞修复功能更新补丁。

（注：6月已进行过漏洞修复的用户无需再次修复）

漏洞详情

Windows Print Spooler远程代码执行漏洞 CVE-2021-1675

严重级别：高危 CVSS：7.8

被利用级别：有可能被利用

Print Spooler 是 Windows打印后台处理服务，在Windows平台使用打印机的必要服务。攻击者可绕过 RpcAddPrinterDriver 的身份验证，在打印服务器中安装恶意驱动程序。Windows域环境中普通帐户就能利用此漏洞。

影响范围

Windows 10 Version 1809 for32-bit Systems

Windows Server 2012 R2 (ServerCore installation)

Windows Server 2012 R2

Windows Server 2012 (ServerCore installation)

Windows Server 2012

Windows Server 2008 R2 forx64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 forx64-based Systems Service Pack 1

Windows Server 2008 forx64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 forx64-based Systems Service Pack 2

Windows Server 2008 for 32-bitSystems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bitSystems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-basedsystems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based SystemsService Pack 1

Windows 7 for 32-bit SystemsService Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 forx64-based Systems

Windows 10 Version 1607 for32-bit Systems

Windows 10 for x64-basedSystems

Windows 10 for 32-bit Systems

Windows Server, version 20H2(Server Core Installation)

Windows 10 Version 20H2 forARM64-based Systems

Windows 10 Version 20H2 for32-bit Systems

Windows 10 Version 20H2 forx64-based Systems

Windows Server, version 2004(Server Core installation)

Windows 10 Version 2004 forx64-based Systems

Windows 10 Version 2004 forARM64-based Systems

Windows 10 Version 2004 for32-bit Systems

Windows 10 Version 21H1 for32-bit Systems

Windows 10 Version 21H1 forARM64-based Systems

Windows 10 Version 21H1 forx64-based Systems

Windows 10 Version 1909 forARM64-based Systems

Windows 10 Version 1909 forx64-based Systems

Windows 10 Version 1909 for32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 forARM64-based Systems

Windows 10 Version 1809 forx64-based Systems

修复建议

1、通过火绒个人版/企业版【漏洞修复】功能修复漏洞。

打开网易新闻 查看精彩图片

2、下载微软官方提供的补丁

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675

扫码二维码

火绒企业安全

点下给小编加点料