关于Windows Print Spooler远程代码执行漏洞的预警通报
一、漏洞概述
微软在2021年6月的安全更新中修复了其Windows操作系统后台打印服务Windows Print Spooler的远程代码执行漏洞(CVE-2021-1675),Windows Print Spooler管理所有本地和网络打印队列,控制所有打印工作。攻击者利用该漏洞可绕过安全检查在目标设备上安装恶意驱动程序。鉴于漏洞危害较大且相关漏洞利用代码已公开,建议相关用户尽快采取措施进行防护。
二、影响范围
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit System
三、防护措施
已开启Windows自动更新的系统会自动安装补丁,无需手动更新升级。未开启自动更新的计算机及所有Windows服务器按照以下方法做好防护。
1.安装补丁
目前,微软官方已针对支持的系统版本发布了修复该漏洞的安全补丁,官方补丁下载地址:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675。
由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
2.临时应对措施
若无法成功安装补丁,则可通过禁用Print Spooler服务来进行缓解:
(1)单击Windows图标或搜索框,搜索“services.msc”,在服务应用中找到Print Spooler服务。
(2)双击“Print Spooler”,停止运行服务,同时将“启动类型”修改为“禁用”。