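[Security Advisory] Microsoft Defender Buffer Overflow High-Risk Vulnerability Notice
Through Jing'an's security vulnerability early-warning mechanism, we found that Microsoft published a risk advisory on January 12, 2021 for a buffer overflow vulnerability in Microsoft Defender. The vulnerability is tracked as CVE-2021-1647; severity: high; score: 7.8. The details are as follows:
I. Vulnerability details
By crafting a special PE file, an attacker can trigger a buffer overflow when Microsoft Defender parses that file, resulting in remote code execution. The vulnerability details are now public, and Microsoft has released updated version information.
II. Affected versions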
-Microsoft:Microsoft Defender:Windows 8.1 for 32-bit systems
-Microsoft:Microsoft Defender:Windows 7 for x64-based Systems Service Pack 1
-Microsoft:Microsoft Defender:Windows 7 for 32-bit Systems Service Pack 1
-Microsoft:Microsoft Defender:Windows Server 2016 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2016
-Microsoft:Microsoft Defender:Windows 10 Version 1607 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1607 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows 10 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows Server, version 20H2 (Server Core Installation)
-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for x64-based Systems
-Microsoft:Microsoft Defender:Windows Server, version 2004 (Server Core installation)
-Microsoft:Microsoft Defender:Windows 10 Version 2004 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 2004 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 2004 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows Server, version 1909 (Server Core installation)
-Microsoft:Microsoft Defender:Windows 10 Version 1909 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1909 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1909 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows Server 2019 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2019
-Microsoft:Microsoft Defender:Windows 10 Version 1809 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1809 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1809 for 32-bit Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1803 for ARM64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1803 for x64-based Systems
-Microsoft:Microsoft Defender:Windows 10 Version 1803 for 32-bit Systems
-Microsoft:Microsoft System Center 2012 Endpoint Protection
-Microsoft:Microsoft Security Essentials
-Microsoft:Microsoft System Center 2012 R2 Endpoint Protection
-Microsoft:Microsoft System Center Endpoint Protection
-Microsoft:Microsoft Defender:Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2008 for 32-bit Systems Service Pack 2
-Microsoft:Microsoft Defender:Windows RT 8.1
-Microsoft:Microsoft Defender:Windows 8.1 for x64-based systems
-Microsoft:Microsoft Defender:Windows Server 2012 R2 (Server Core installation)
-Microsoft:Microsoft Defender:Windows Server 2012 R2
-Microsoft:Microsoft Defender:Windows Server 2012 (Server Core installation)
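III. Remediation
Microsoft has released security patches for the affected software. Users can download and install the patch that matches their system version. Security update link: https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-1647
IV. Important high-risk reminder
Jing'an Network urges you to do the following two things:
1. Check your Microsoft Windows version and update it promptly;
2. Keep Windows Server / Windows checking for updates and turn on automatic updates. The Windows automatic update procedure is as follows:
1) Click the Start menu and select "Control Panel" from the menu that appears.
2) On the Control Panel page, click "System and Security" to open its settings.
3) In the new window, under "Windows Update", select "Turn automatic updating on or off".
4) In the settings window, open the drop-down menu and select "Install updates automatically (recommended)".
3. Make regular data backups part of your security management routine, so that data loss does not cause you damage.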