近日，腾讯云服务安全运营管理中心检测到，微软公司公布了2021年1月的常规安全补丁公示，包括漏洞CVE序号83个，在其中比较严重等级漏洞10个，关键等级73个。远程控制代码执行漏洞14个，安全性作用绕开漏洞6个，数据泄露漏洞11个，权利提高34个。涉及到有关Windows、Windows Server、Edge、Office、Visual Studio、.Net、ASP.net、Azure等好几个商品的高风险漏洞。

为防止您的业务流程受影响，腾讯云服务安全性建议立即进行安全性自纠自查，如在受影响范畴，请您立即开展升级修补，防止被外界网络攻击侵入。

漏洞详细信息

在本次公示中Windows Defender（CVE-2021-1647）漏洞必须重点关注：

CVE-2021-1647：

该漏洞为Microsoft Defender的远程控制代码执行漏洞。网络攻击可根据结构独特的PE文档，使存有漏洞的Microsoft Defender扫描仪该故意文档来实行随意编码。据有关资源，现阶段现有该漏洞在野运用。

安全风险

高危

漏洞风险性

CVE-2021-1647：网络攻击可运用该漏洞在受影响的系统软件上实行随意编码

危害版本号

受CVE-2021-1647危害的Microsoft Malware Protection Engine版本号 < 1.1.17700.4

遭受CVE-2021-1647危害的商品及服务平台:

Microsoft System Center 2012 Endpoint Protection

Microsoft Security Essentials

Microsoft System Center 2012 R2 Endpoint Protection

Microsoft System Center Endpoint Protection

Windows Defender:Windows 10 Version 1607 for 32-bit Systems

Windows Defender:Windows 10 Version 1607 for x64-based Systems

Windows Defender:Windows 10 Version 1803 for 32-bit Systems

Windows Defender:Windows 10 Version 1803 for ARM64-based Systems

Windows Defender:Windows 10 Version 1803 for x64-based Systems

Windows Defender:Windows 10 Version 1809 for 32-bit Systems

Windows Defender:Windows 10 Version 1809 for ARM64-based Systems

Windows Defender:Windows 10 Version 1809 for x64-based Systems

Windows Defender:Windows 10 Version 1909 for 32-bit Systems

Windows Defender:Windows 10 Version 1909 for ARM64-based Systems

Windows Defender:Windows 10 Version 1909 for x64-based Systems

Windows Defender:Windows 10 Version 2004 for 32-bit Systems

Windows Defender:Windows 10 Version 2004 for ARM64-based Systems

Windows Defender:Windows 10 Version 2004 for x64-based Systems

Windows Defender:Windows 10 Version 20H2 for 32-bit Systems

Windows Defender:Windows 10 Version 20H2 for ARM64-based Systems

Windows Defender:Windows 10 Version 20H2 for x64-based Systems

Windows Defender:Windows 10 for 32-bit Systems

Windows Defender:Windows 10 for x64-based Systems

Windows Defender:Windows 7 for 32-bit Systems Service Pack 1

Windows Defender:Windows 7 for x64-based Systems Service Pack 1

Windows Defender:Windows 8.1 for 32-bit systems

Windows Defender:Windows 8.1 for x64-based systems

Windows Defender:Windows RT 8.1

Windows Defender:Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Defender:Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Defender:Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Defender:Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Defender:Windows Server 2012

Windows Defender:Windows Server 2012 (Server Core installation)

Windows Defender:Windows Server 2012 R2

Windows Defender:Windows Server 2012 R2 (Server Core installation)

Windows Defender:Windows Server 2016

Windows Defender:Windows Server 2016 (Server Core installation)

Windows Defender:Windows Server 2019

Windows Defender:Windows Server 2019 (Server Core installation)

Windows Defender:Windows Server, version 1909 (Server Core installation)

Windows Defender:Windows Server, version 2004 (Server Core installation)

Windows Defender:Windows Server, version 20H2 (Server Core Installation)

别的漏洞危害的部件可详尽参照官方网公示

修补提议

微软官网已公布漏洞修补升级，腾讯云服务安全性建议：

1）升级漏洞补丁：保证网络服务器打到了需要的补丁下载，开启Windows Update升级作用或免费下载修补补丁下载，点一下“查验升级”

2）不必开启来路不明的文档或是连接：防止被网络攻击运用在设备上实行恶意程序。

【备注名称】：建议在安裝补丁下载前搞好备份数据工作中，防止发生意外

漏洞参照

官方网安全性公示：