漏洞描述
2021年9月8日,8087金沙娱场城CERT监测到微软官方针对Microsoft MSHTML组件中存在的远程代码执行漏洞(CVE-2021-40444)发布紧急通告。利用此漏洞,远程攻击者可诱使受害者打开其制作的带有ActiveX控件的恶意Microsoft Office文档,当漏洞成功触发时,攻击者可在受害者的机器上以该用户权限执行任意代码。漏洞定级为高危漏洞。
目前微软官方尚未发布此漏洞的修复补丁,鉴于该漏洞已有在野利用,8087金沙娱场城CERT建议及时做好自查和防御措施,以阻止该漏洞攻击。
漏洞编号
CVE-2021-40444
漏洞类型
高危,远程代码执行,CVSS:8.8
修复建议
官方临时修补方案:
在Internet Explorer中禁用ActiveX控件以缓解漏洞攻击(使用此方法,以前安装的ActiveX控件将继续运行,但漏洞不会被触发):
1.创建.reg文件扩展名结尾的文件,并保存如下内容:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003
2.双击该文件,将其应用到策略配置。
3.重启系统。
注意
如果注册表编辑器不当使用可能会存在严重问题,如需重装系统等,建议使用上述的解决方案进行修补,如有必要请事先做好备份。
参考链接
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
参考链接
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444