Security News

2022-06-20 The Microsoft Support Diagnostic Tool contains a security vulnerability (CVE-2022-30190) that allows an attacker to remotely execute arbitrary code; please verify your systems and apply the update as soon as possible

Description:

The Microsoft Support Diagnostic Tool (MSDT) is a Windows component that collects diagnostic data from a device and sends it to support engineers to help resolve problems. Researchers have found that MSDT contains a security vulnerability known as Follina (CVE-2022-30190). When an attacker tricks a user into opening a malicious Word document, the document can invoke MSDT through its URL protocol handler to trigger the vulnerability and execute arbitrary code remotely.

Currently known affected platforms and versions are as follows:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server, version 20H2 (Server Core installation)

Recommended actions:

1. Microsoft has released an update for this vulnerability. Each agency should contact its system maintenance vendor or refer to the following link to apply the update:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
2. If the update cannot be applied, the following workaround from Microsoft temporarily disables the MSDT URL protocol handler:
(1) Open a Command Prompt window as an administrator.
(2) Run "reg export HKEY_CLASSES_ROOT\ms-msdt filename" to back up the registry key.
(3) Run "reg delete HKEY_CLASSES_ROOT\ms-msdt /f".
(4) After the patch has been installed, run "reg import filename" to restore the registry key.
3. Update the virus signatures of the antivirus software on all computers.
4. Be alert to suspicious e-mail, verify that the sender is genuine, and do not click links or open attachments in messages without care.
5. Strengthen internal awareness training so that staff can recognise social-engineering attacks delivered by e-mail.
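The workaround in item 2 can be scripted so that the key is only deleted after a successful backup, and so that an administrator can check whether the workaround is in place across machines. This is an added example, not a script from the advisory or from Microsoft; the backup path and the -Action parameter names are assumptions, and it must be run from an elevated PowerShell session.

```powershell
# Added example (not part of the advisory). Checks, applies, or reverts the
# interim ms-msdt protocol-handler workaround described in item 2.
# Assumptions: elevated session; backup path below is an arbitrary choice.
param(
    [ValidateSet('Status', 'Disable', 'Restore')]
    [string]$Action = 'Status',
    [string]$BackupFile = "$env:SystemDrive\ms-msdt-backup.reg"
)

$keyPath = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'

function Test-MsdtHandlerPresent {
    # True while the ms-msdt: URL protocol handler is still registered,
    # i.e. the workaround has NOT been applied.
    return Test-Path -Path $keyPath
}

switch ($Action) {
    'Status' {
        if (Test-MsdtHandlerPresent) {
            Write-Output 'ms-msdt handler is registered: workaround NOT applied'
        } else {
            Write-Output 'ms-msdt handler is absent: workaround applied (or key never existed)'
        }
    }
    'Disable' {
        if (-not (Test-MsdtHandlerPresent)) {
            Write-Output 'Nothing to do: ms-msdt key is already absent'
            break
        }
        # Step (2): export the key first so it can be restored after patching.
        & reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupFile /y | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $BackupFile)) {
            throw "Backup to $BackupFile failed; refusing to delete the key"
        }
        # Step (3): remove the handler only once the backup is confirmed.
        & reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'reg delete failed' }
        Write-Output "Removed ms-msdt handler; backup saved to $BackupFile"
    }
    'Restore' {
        # Step (4): re-import the saved key after the patch is installed.
        if (-not (Test-Path -Path $BackupFile)) { throw "Backup file $BackupFile not found" }
        & reg.exe import $BackupFile | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'reg import failed' }
        Write-Output 'ms-msdt handler restored from backup'
    }
}
```

Run with -Action Status on each machine to confirm the workaround, and only use -Action Restore after the vendor patch has been installed.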

References:

1. https://www.ithome.com.tw/news/151211
2. https://www.ithome.com.tw/news/151238
3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
4. https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
5. https://support.microsoft.com/zh-tw/office/office-%E7%9A%84%E6%87%89%E7%94%A8%E7%A8%8B%E5%BC%8F%E9%98%B2%E8%AD%B7-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46

Publish Date
2022/6/20 12:00:00 AM

Original source: Technical Service Center, National Information and Communication Security Taskforce (Executive Yuan), Vulnerability Alert Bulletin
