Windows SMB High-Severity Vulnerabilities Disclosed; 华顺信安 (Huashun Xin'an) Provides a Detection Program

2022/04/18 19:18:54

Multiple high-severity vulnerabilities were recently disclosed in Windows SMB, tracked as CVE-2022-24500, CVE-2022-24541 and CVE-2022-26830. An attacker can send an enticing link by email or instant message to lure a user into connecting to a malicious SMB server, which triggers the vulnerability and allows the attacker to execute arbitrary code on the target system over the network. In response, FOEYE has launched a "Hot Vulnerability Topics" section that now supports detection of the vulnerabilities above.


Products affected by these vulnerabilities:

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server, version 20H2 (Server Core Installation)

According to the latest FOFA data (collected within the past year), 125,597,281 related services are exposed to the Internet worldwide. Of these, 34,693,652 are in the United States, 26,227,566 in China and 5,471,921 in South Korea. The global distribution is as follows (this shows distribution only, not confirmed vulnerability impact):


FOEYE now provides a detection solution for "Windows SMB Remote Code Execution Vulnerability (CVE-2022-24500, CVE-2022-24541, CVE-2022-26830)". Open the "Hot Vulnerability Topics" section from the home page and download the "detection solution" and the "detection program", then run the check as described in the solution. If a potential security risk is found, the program displays the relevant patch information, as shown in the figure below:


Microsoft has already released the corresponding security updates; please update affected products to the latest version.

https://support.microsoft.com/zh-cn/topic/april-12-2022-kb5012599-os-builds-19042-1645-19043-1645-and-19044-1645-548cc67c-7f12-46fd-878e-589ba81ac2f5

If the patch cannot be applied in time, organizations running affected systems are advised to block TCP port 445 at the perimeter firewall, or to follow Microsoft's guidance to prevent SMB traffic from establishing lateral connections into or out of the network. Guidance reference: https://docs.microsoft.com/zh-cn/windows-server/storage/file-server/smb-secure-traffic
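The patch check and the port-445 workaround described above, as an added PowerShell example that is not part of the advisory or of FOEYE's detection program. It assumes an elevated session on a Windows 10 20H2/21H1/21H2 host (OS builds 19042/19043/19044, the builds covered by the KB5012599 link above); the firewall rule name is a constructed value, and other Windows versions need their own April 2022 update, whose KB numbers this advisory does not list.

```powershell
# Added example: verify the April 2022 SMB fix and, if absent, apply the
# advisory's workaround locally (block outbound SMB towards untrusted networks).
# Assumption: elevated session on Windows 10 20H2/21H1/21H2 (builds 19042-19044).

$Kb         = 'KB5012599'   # KB from the advisory; applies to builds 19042/19043/19044 only
$PatchedUbr = 1645          # KB5012599 raises these builds to 1904x.1645

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR       # "Update Build Revision", the part after the dot

# 1. Patch check: either the KB shows up in the hotfix list or the build
#    revision is already at/after the level KB5012599 ships.
if ($build -in @(19042, 19043, 19044)) {
    $hasKb = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
    if ($hasKb -or $ubr -ge $PatchedUbr) {
        Write-Host "Build $build.$ubr is at or above the $Kb level; no workaround needed."
        return
    }
    Write-Warning "Build $build.$ubr lacks $Kb; applying host-level SMB workaround."
} else {
    Write-Warning "Build $build is outside the $Kb range; check the matching April 2022 update manually."
}

# 2. Workaround: exploitation requires the victim to connect to an
#    attacker-controlled SMB server, so block outbound TCP 445 on the Public
#    profile (untrusted networks). Domain/Private are left untouched so file
#    shares and Group Policy (SYSVOL over SMB) keep working.
$ruleName = 'Block outbound SMB (TCP 445) on public networks'   # constructed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP `
        -RemotePort 445 -Profile Public -Action Block -Enabled True | Out-Null
}

# 3. Verify the rule and its port filter actually landed.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, RemotePort
```

The Public-profile scope is a host-side complement to the perimeter block the advisory recommends, not a replacement for installing the update.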