CNNVD通报Microsoft Windows Support Diagnostic Tool安全漏洞

发布时间 2022-06-10

1.jpg

日前,国家信息安全漏洞库(CNNVD)正式发布了关于Microsoft Windows Support Diagnostic Tool安全漏洞(CNNVD-202205-4277、CVE-2022-30190)的情况通报。成功利用此漏洞的攻击者,可在目标主机执行恶意代码。Windows 11、Windows 10 、Windows 8、Windows 7、Windows Server 2022、Windows Server 2016、Windows Server 2012、Windows Server 2008、Windows Server version 20H2、Windows Server 2022等多个系统版本均受此漏洞影响。目前,微软官方发布了临时修补措施缓解漏洞带来的危害,请用户及时确认是否受到漏洞影响,尽快采取修补措施。

1、漏洞介绍

Microsoft Windows Support Diagnostic Tool是美国微软公司Windows操作系统内的一个程序,用于排除故障并收集诊断数据以供技术人员分析和解决问题。该漏洞源于Microsoft Windows Support Diagnostic Tool中的URL协议存在逻辑问题,攻击者可诱使目标主机的应用(如word)通过Microsoft Windows Support Diagnostic Tool中的URL协议下载并打开特制的文件,进而在目标主机执行恶意代码。

2、危害影响

成功利用此漏洞的攻击者,可在目标主机执行恶意代码。以下操作系统版本受漏洞影响:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 Azure Edition Core Hotpatch

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows Server 2019  (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit  Systems    

3、修复建议

目前,微软官方发布了临时修补措施缓解漏洞带来的危害,请用户及时确认是否受到漏洞影响,尽快采取修补措施。官方链接如下:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190