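On January 12, 2022, AsiaInfo Security CERT observed that Microsoft had released its January 2022 security updates. Since the December 2021 Patch Tuesday, Microsoft has fixed 127 vulnerabilities (including 29 Microsoft Edge vulnerabilities), affecting products including Windows Active Directory, Windows Win32K, Windows HTTP Protocol Stack, Windows Security Center, Windows Certificates, and Microsoft Office. AsiaInfo Security CERT's assessment found that 9 of these vulnerabilities pose a relatively high risk, and users are advised to check their systems and apply fixes promptly.
Microsoft's January 2022 security update release notes are available at: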
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan
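Based on AsiaInfo Security CERT's assessment, the 9 vulnerabilities that deserve priority attention in this release are:
| CVE ID | Severity | Vulnerability name | CVSS score |
| --- | --- | --- | --- |
| CVE-2022-21907 | Critical | Windows HTTP Protocol Stack Remote Code Execution Vulnerability | 9.8 |
| CVE-2022-21840 | Critical | Microsoft Office Remote Code Execution Vulnerability | 8.8 |
| CVE-2022-21857 | Critical | Windows Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
| CVE-2022-21836 | Important | Windows Certificate Spoofing Vulnerability | 7.8 |
| CVE-2022-21874 | Important | Windows Security Center API Remote Code Execution Vulnerability | 7.8 |
| CVE-2022-21882 | Important | Windows Win32k Elevation of Privilege Vulnerability | 7.0 |
| CVE-2022-21887 | Important | Windows Win32k Elevation of Privilege Vulnerability | 7.0 |
| CVE-2022-21919 | Important | Windows User Profile Service Elevation of Privilege Vulnerability | 7.0 |
| CVE-2022-21839 | Important | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | 6.1 |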
The vulnerabilities addressed in this security update affect the following components:
.NET Framework
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Exchange Server
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Teams
Microsoft Windows Codecs Library
Open Source Software
Role: Windows Hyper-V
Tablet Windows User Interface
Windows Account Control
Windows Active Directory
Windows AppContracts API Server
Windows Application Model
Windows BackupKey Remote Protocol
Windows Bind Filter Driver
Windows Certificates
Windows Cleanup Manager
Windows Clipboard User Service
Windows Cluster Port Driver
Windows Common Log File System Driver
Windows Connected Devices Platform Service
Windows Cryptographic Services
Windows Defender
Windows Devices Human Interface
Windows Diagnostic Hub
Windows DirectX
Windows DWM Core Library
Windows Event Tracing
Windows Geolocation Service
Windows HTTP Protocol Stack
Windows IKE Extension
Windows Installer
Windows Kerberos
Windows Kernel
Windows Libarchive
Windows Local Security Authority
Windows Local Security Authority Subsystem Service
Windows Modern Execution Server
Windows Push Notifications
Windows RDP
Windows Remote Access Connection Manager
Windows Remote Desktop
Windows Remote Procedure Call Runtime
Windows Resilient File System (ReFS)
Windows Secure Boot
Windows Security Center
Windows StateRepository API
Windows Storage
Windows Storage Spaces Controller
Windows System Launcher
Windows Task Flow Data Engine
Windows Tile Data Repository
Windows UEFI
Windows UI Immersive Server
Windows User Profile Service
Windows User-mode Driver Framework
Windows Virtual Machine IDE Drive
Windows Win32K
Windows Workstation Service Remote Protocol
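Choose one of the following ways to update:
- Install the patches automatically through Windows Update, or run "Check for updates" manually.
- For system versions that cannot update automatically, download and install the patch for the corresponding version: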
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan