关于Windows Print Spooler远程代码执行漏洞的预警通报

一、漏洞概述

微软在2021年6月的安全更新中修复了其Windows操作系统后台打印服务Windows Print Spooler的远程代码执行漏洞（CVE-2021-1675），Windows Print Spooler管理所有本地和网络打印队列，控制所有打印工作。攻击者利用该漏洞可绕过安全检查在目标设备上安装恶意驱动程序。鉴于漏洞危害较大且相关漏洞利用代码已公开，建议相关用户尽快采取措施进行防护。

二、影响范围

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit System

三、防护措施

已开启Windows自动更新的系统会自动安装补丁，无需手动更新升级。未开启自动更新的计算机及所有Windows服务器按照以下方法做好防护。

1.安装补丁

目前，微软官方已针对支持的系统版本发布了修复该漏洞的安全补丁，官方补丁下载地址：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675。

由于网络问题、计算机环境问题等原因，Windows Update的补丁更新可能出现失败。用户在安装补丁后，应及时检查补丁是否成功更新。

右键点击Windows图标，选择“设置”，选择“更新和安全”-“Windows更新”，查看该页面上的提示信息，也可点击“查看更新历史记录”查看历史更新情况。

针对未成功安装的更新，可点击更新名称跳转到微软官方下载页面，建议用户点击该页面上的链接，转到“Microsoft更新目录”网站下载独立程序包并安装。

2.临时应对措施

若无法成功安装补丁，则可通过禁用Print Spooler服务来进行缓解：

（1）单击Windows图标或搜索框，搜索“services.msc”，在服务应用中找到Print Spooler服务。

（2）双击“Print Spooler”，停止运行服务，同时将“启动类型”修改为“禁用”。