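1. Background
On June 16, the technical support unit of the Municipal Party Committee Cyberspace Affairs Office detected that details and a PoC for a Windows SMB denial-of-service vulnerability had been published on the Internet. The vendor has released a patch, and users are advised to upgrade to the latest version as soon as possible.
1.1 Vulnerability description
Windows SMB contains a null pointer dereference flaw in its request handling. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted request to a Microsoft Windows domain controller, causing a denial of service on the target system.
1.2 Vulnerability ID: CVE-2022-32230
1.3 Severity: High
2. Remediation
2.1 Affected versions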
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
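2.2 Remediation recommendations
The vendor has released security patches and new versions that fix this vulnerability. Affected users should update as soon as possible to protect their systems.
Official download link: https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun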