网络安全及响应

帮助

  • 电话:0592-6276320
  • 邮箱:ic@hxxy.edu.cn

关于Windows Print Spooler权限提升漏洞(CVE-2021-1675)的预警提示


一、漏洞详情

Print Spooler是Windows系统中用于管理打印相关事务的服务。

该漏洞在域环境中合适的条件下,无需任何用户交互,未经身份验证的远程攻击者就可以利用该漏洞以SYSTEM权限在域控制器上执行任意代码,从而获得整个域的控制权。

建议受影响用户及时更新漏洞补丁进行防护,做好资产自查以及预防工作,以免遭受黑客攻击。

二、影响范围

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

三、修复建议

1.官方建议:

目前官方已发布漏洞修复补丁,建议受影响用户尽快更新漏洞补丁。

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675

2.更新安全补丁:

通过360安全卫士或者QQ电脑管家的系统漏洞修复功能修复漏洞,更新到最新补丁。或者通过windows操作系统自带的windows更新功能更新到最新版本。(2021.06累积更新)

3.临时防护措施:

若相关用户暂时无法进行补丁更新,可通过禁用Print Spooler服务来进行缓解,需注意,禁用后将无法使用打印机:

1)在服务应用(services.msc)中找到Print Spooler服务。

2)停止运行服务,同时将“启动类型”修改为“禁用”。



上一条:关于防范钓鱼邮件的通知
下一条:网络个人信息防护需谨慎

Copyright(C) 厦门华厦学院 地址:厦门市集美文教区天马路288号
邮编:361024 电话:0592-6276202 技术支持 信息中心