一、漏洞详情
print spooler是windows系统中用于管理打印相关事务的服务。
该漏洞在域环境中合适的条件下,无需任何用户交互,未经身份验证的远程攻击者就可以利用该漏洞以system权限在域控制器上执行任意代码,从而获得整个域的控制权。
建议受影响用户及时更新漏洞补丁进行防护,做好资产自查以及预防工作,以免遭受黑客攻击。
二、影响范围
windows server 2012 r2 (server core installation)
windows server 2012 r2
windows server 2012 (server core installation)
windows server 2012
windows server 2008 r2 for x64-based systems service pack 1 (server core installation)
windows server 2008 r2 for x64-based systems service pack 1
windows server 2008 for x64-based systems service pack 2 (server core installation)
windows server 2008 for x64-based systems service pack 2
windows server 2008 for 32-bit systems service pack 2 (server core installation)
windows server 2008 for 32-bit systems service pack 2
windows rt 8.1
windows 8.1 for x64-based systems
windows 8.1 for 32-bit systems
windows 7 for x64-based systems service pack 1
windows 7 for 32-bit systems service pack 1
windows server 2016 (server core installation)
windows server 2016
windows 10 version 1607 for x64-based systems
windows 10 version 1607 for 32-bit systems
windows 10 for x64-based systems
windows 10 for 32-bit systems
windows server, version 20h2 (server core installation)
windows 10 version 20h2 for arm64-based systems
windows 10 version 20h2 for 32-bit systems
windows 10 version 20h2 for x64-based systems
windows server, version 2004 (server core installation)
windows 10 version 2004 for x64-based systems
windows 10 version 2004 for arm64-based systems
windows 10 version 2004 for 32-bit systems
windows 10 version 21h1 for 32-bit systems
windows 10 version 21h1 for arm64-based systems
windows 10 version 21h1 for x64-based systems
windows 10 version 1909 for arm64-based systems
windows 10 version 1909 for x64-based systems
windows 10 version 1909 for 32-bit systems
windows server 2019 (server core installation)
windows server 2019
windows 10 version 1809 for arm64-based systems
windows 10 version 1809 for x64-based systems
windows 10 version 1809 for 32-bit systems
三、修复建议
1.官方建议:
目前官方已发布漏洞修复补丁,建议受影响用户尽快更新漏洞补丁。
https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2021-1675
2.临时防护措施:
若相关用户暂时无法进行补丁更新,可通过禁用print spooler服务来进行缓解:
1)在服务应用(services.msc)中找到print spooler服务。
2)停止运行服务,同时将“启动类型”修改为“禁用”。
