一、漏洞詳情
Print Spooler是Windows系統中用于管理打印相關事務的服務。
該漏洞在域環境中合適的條件下,無需任何用戶交互,未經身份驗證的遠程攻擊者就可以利用該漏洞以SYSTEM權限在域控制器上執行任意代碼,從而獲得整個域的控制權。
建議受影響用戶及時更新漏洞補丁進行防護,做好資產自查以及預防工作,以免遭受黑客攻擊。
二、影響范圍
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
三、修復建議
1.官方建議:
目前官方已發布漏洞修復補丁,建議受影響用戶盡快更新漏洞補丁。
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675
2. 臨時防護措施:
若相關用戶暫時無法進行補丁更新,可通過禁用Print Spooler服務來進行緩解:
1)在服務應用(services.msc)中找到Print Spooler服務。
2)停止運行服務,同時將“啟動類型”修改為“禁用”。
位置: