漏洞资源|2021年1月“微软补丁日” Windows Defender等好几个商品高风险漏洞风险性通知(CVE-2021-1647)
近日,腾讯云服务安全运营管理中心检测到,微软公司公布了2021年1月的常规安全补丁公示,包括漏洞CVE序号83个,在其中比较严重等级漏洞10个,关键等级73个。远程控制代码执行漏洞14个,安全性作用绕开漏洞6个,数据泄露漏洞11个,权利提高34个。涉及到有关Windows、Windows Server、Edge、Office、Visual Studio、.Net、ASP.net、Azure等好几个商品的高风险漏洞。
为防止您的业务流程受影响,腾讯云服务安全性建议立即进行安全性自纠自查,如在受影响范畴,请您立即开展升级修补,防止被外界网络攻击侵入。
漏洞详细信息
在本次公示中Windows Defender(CVE-2021-1647)漏洞必须重点关注:
CVE-2021-1647:
该漏洞为Microsoft Defender的远程控制代码执行漏洞。网络攻击可根据结构独特的PE文档,使存有漏洞的Microsoft Defender扫描仪该故意文档来实行随意编码。据有关资源,现阶段现有该漏洞在野运用。
安全风险
高危
漏洞风险性
CVE-2021-1647:网络攻击可运用该漏洞在受影响的系统软件上实行随意编码
危害版本号
受CVE-2021-1647危害的Microsoft Malware Protection Engine版本号 < 1.1.17700.4
遭受CVE-2021-1647危害的商品及服务平台:
Microsoft System Center 2012 Endpoint Protection
Microsoft Security Essentials
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft System Center Endpoint Protection
Windows Defender:Windows 10 Version 1607 for 32-bit Systems
Windows Defender:Windows 10 Version 1607 for x64-based Systems
Windows Defender:Windows 10 Version 1803 for 32-bit Systems
Windows Defender:Windows 10 Version 1803 for ARM64-based Systems
Windows Defender:Windows 10 Version 1803 for x64-based Systems
Windows Defender:Windows 10 Version 1809 for 32-bit Systems
Windows Defender:Windows 10 Version 1809 for ARM64-based Systems
Windows Defender:Windows 10 Version 1809 for x64-based Systems
Windows Defender:Windows 10 Version 1909 for 32-bit Systems
Windows Defender:Windows 10 Version 1909 for ARM64-based Systems
Windows Defender:Windows 10 Version 1909 for x64-based Systems
Windows Defender:Windows 10 Version 2004 for 32-bit Systems
Windows Defender:Windows 10 Version 2004 for ARM64-based Systems
Windows Defender:Windows 10 Version 2004 for x64-based Systems
Windows Defender:Windows 10 Version 20H2 for 32-bit Systems
Windows Defender:Windows 10 Version 20H2 for ARM64-based Systems
Windows Defender:Windows 10 Version 20H2 for x64-based Systems
Windows Defender:Windows 10 for 32-bit Systems
Windows Defender:Windows 10 for x64-based Systems
Windows Defender:Windows 7 for 32-bit Systems Service Pack 1
Windows Defender:Windows 7 for x64-based Systems Service Pack 1
Windows Defender:Windows 8.1 for 32-bit systems
Windows Defender:Windows 8.1 for x64-based systems
Windows Defender:Windows RT 8.1
Windows Defender:Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Defender:Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Defender:Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Defender:Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Defender:Windows Server 2012
Windows Defender:Windows Server 2012 (Server Core installation)
Windows Defender:Windows Server 2012 R2
Windows Defender:Windows Server 2012 R2 (Server Core installation)
Windows Defender:Windows Server 2016
Windows Defender:Windows Server 2016 (Server Core installation)
Windows Defender:Windows Server 2019
Windows Defender:Windows Server 2019 (Server Core installation)
Windows Defender:Windows Server, version 1909 (Server Core installation)
Windows Defender:Windows Server, version 2004 (Server Core installation)
Windows Defender:Windows Server, version 20H2 (Server Core Installation)
别的漏洞危害的部件可详尽参照官方网公示
修补提议
微软官网已公布漏洞修补升级,腾讯云服务安全性建议:
1)升级漏洞补丁:保证网络服务器打到了需要的补丁下载,开启Windows Update升级作用或免费下载修补补丁下载,点一下“查验升级”
2)不必开启来路不明的文档或是连接:防止被网络攻击运用在设备上实行恶意程序。
【备注名称】:建议在安裝补丁下载前搞好备份数据工作中,防止发生意外
漏洞参照
官方网安全性公示:
