Advisory on the Microsoft MSHTML Remote Code Execution 0-day Vulnerability

Published by: jsut    Published: 2021-09-09

I. Vulnerability Details

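MSHTML (also known as Trident) is the browser engine of Microsoft's Internet Explorer. Although MSHTML is mainly used by the now-deprecated Internet Explorer, the component is also used by Office applications to render web-hosted content in Word, Excel and PowerPoint documents.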

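The Microsoft MSHTML engine contains a code execution vulnerability, tracked as CVE-2021-40444. An attacker crafts an Office document containing a malicious ActiveX control and lures a user into opening it, thereby achieving remote code execution. When ActiveX controls are enabled on the user's host, the attacker can use this vulnerability to take control of the victim's host.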

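Microsoft has not yet released a patch for this vulnerability. Because exploitation in the wild has been detected, affected users are advised to check their systems as soon as possible and apply mitigations.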

II. Affected Versions

CVE-2021-40444 mainly affects the following Windows versions:

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

III. Remediation Recommendations

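Microsoft has not yet provided a security patch to fix this vulnerability, but it can be mitigated by disabling ActiveX controls, as follows (Warning: using Registry Editor incorrectly can cause serious problems that may require reinstalling the operating system; back up before proceeding):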

Disable ActiveX controls using a registry file:

1. Paste the following into a text file and save it with the .reg file extension:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

2. Double-click the .reg file to apply the configuration, then restart the computer.
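
To confirm after the restart that the mitigation actually took effect, the registry values can be read back. The following PowerShell script is an added example, not part of the original advisory; it only reads the registry, and the function name Test-ActiveXMitigation is hypothetical.

```powershell
# Added example: read-only audit of the ActiveX mitigation described above.
# 1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX
# controls; the value 3 means "disable". Zones 0-3 are Local Machine,
# Intranet, Trusted Sites and Internet.
$base   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones  = 0..3
$names  = '1001', '1004'
$wanted = 3

function Test-ActiveXMitigation {
    foreach ($zone in $zones) {
        $path  = Join-Path $base $zone
        # A missing key returns nothing instead of raising an error.
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $names) {
            $actual = if ($props) { $props.$name } else { $null }
            [pscustomobject]@{
                Zone     = $zone
                Value    = $name
                Actual   = $actual
                Expected = $wanted
                Ok       = ($null -ne $actual -and $actual -eq $wanted)
            }
        }
    }
}

$report = @(Test-ActiveXMitigation)
$report | Format-Table -AutoSize

# Fail loudly if any zone is missing a value or has it set to something else.
$failed = @($report | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) of $($report.Count) settings are missing or not set to 3."
    exit 1
}
Write-Output 'All four zones have 1001 and 1004 set to 3.'
```

A non-zero exit code means at least one zone still lacks the setting, which makes the script usable as a compliance check across many hosts.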