有孚云官网

2021年12月关于微软多个产品高危漏洞通告

2021.12.28

摘要

近日，微软官方发布了多个安全漏洞的公告，包括Microsoft Defender 代码注入漏洞（CNNVD-202112-1162、CVE-2021-43882）、Microsoft Office 代码注入漏洞（CNNVD-202112-1233、CVE-2021-43905）等67个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据，提升权限等。微软多个产品和系统受漏洞影响。目前，微软官方已经发布了漏洞修复补丁，建议用户及时确认是否受到漏洞影响，尽快采取修补措施。

一、漏洞介绍

2021年12月15日，微软发布了2021年12月份安全更新，共67个漏洞的补丁程序，CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Office、Microsoft PowerShell、Chromium-based Edgebrowser、Windows Kernel、PrintSpooler、Remote Desktop Client、WindowsEncrypting File System (EFS)等组件。CNNVD对其危害等级进行了评价，其中超危漏洞3个、高危漏洞41个，中危漏洞23个。微软多个产品和系统版本受漏洞影响，具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。

二、重点漏洞概述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞，请相关用户重点进行关注：

Windows AppX Installer欺骗漏洞（CVE-2021-43890）：

攻击者可通过制作恶意的数据包，当成功诱导用户在受影响的系统上打开恶意文件后，拥有低权限的攻击者可实现权限提升，导致在目标系统上以用户权限执行任意代码。目前该漏洞已监测到在野利用，正在被武器化用来传播 Emotet、Trickbot、Bazaloader等恶意软件。官方通告链接：https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43890

Windows Installer权限提升漏洞（CVE-2021-43883）：

该漏洞为Windows Installer权限提升漏洞（CVE-2021-41379）的补丁绕过。普通用户权限的本地攻击者可利用该漏洞提升至SYSTEM 权限。
官方通告链接：https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43883

iSNS Server内存损坏漏洞（CVE-2021-43215）：

Internet 存储名称服务 (iSNS) 协议用于 iSNS 服务器和 iSNS 客户端之间的交互。未经身份验证的攻击者利用该漏洞向iSNS Server发送特制恶意请求，最终导致在目标服务器上执行任意代码，CVSS评分9.8。官方通告链接：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215

Microsoft Office app远程代码执行漏洞（CVE-2021-43905）：

攻击者可通过制作恶意的数据包，当成功诱导用户在受影响的系统上打开恶意文件后，可导致在目标系统上以用户权限执行任意代码，CVSS评分9.6。
官方通告链接：https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43905

Remote Desktop Client远程代码执行漏洞（CVE-2021-43233）：

攻击者可以通过社会工程、DNS 中毒或MITM技术来诱导受害者与已被控制的服务器相连接；除此以外，攻击者还可以破坏合法服务器，在服务器上托管恶意代码，然后等待用户连接。成功利用该漏洞，可导致攻击者在目标系统上执行任意代码，CVSS评分7.0。
官方通告链接：https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43233

Windows Print Spooler权限提升漏洞（CVE-2021-41333）：

经过身份验证的本地攻击者利用该漏洞在目标系统上以SYSTEM权限执行任意代码，CVSS评分7.8。
官方通告链接：https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41333

Visual Studio Code WSL Extension 远程代码执行漏洞（CVE-2021-43907）：

Visual Studio Code WSL 扩展组件受该漏洞影响。未经身份验证的攻击者利用该漏洞可在目标系统以用户权限执行任意代码，且无需用户交互，CVSS评分9.8。
官方通告链接：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43907

Microsoft 4K Wireless Display Adapter远程代码执行漏洞（CVE-2021-43899）：

未经身份验证的攻击者利用该漏洞向目标系统发送特制的数据包，最终导致在目标系统上以用户权限执行任意代码，且无需用户交互，CVSS评分9.8。
官方通告链接：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899

Microsoft Defender for IoT远程代码执行漏洞（CVE-2021-42310）：

在密码重置请求中，由于中间证书与设备内置的根CA证书两者链接过程存在缺陷，攻击者可利用该缺陷重置他人密码，最终导致在目标系统上以用户权限执行任意代码，CVSS评分8.1。
官方通告链接：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42310

Windows Encrypting File System (EFS)远程代码执行漏洞（CVE-2021-43217）：

加密文件系统(EFS)是一个基于数字认证的加密方式，它允许用户可以仅针对单个文件或者单个文件夹进行加密，以保护数据的机密性。攻击者可利用该漏洞造成缓冲区溢出，从而导致执行任意代码，CVSS评分8.1。
官方通告链接：https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217

Windows Mobile Device Management权限提升漏洞（CVE-2021-43880）：

普通用户权限的本地攻击者可利用该漏洞提升至SYSTEM 权限。
官方通告链接：https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43880

以下为重点关注漏洞的受影响产品版本，其他漏洞影响产品范围请参阅官方通告链接。

漏洞编号	受影响产品版本
CVE-2021-43890	App Installer
CVE-2021-43883 CVE-2021-41333	Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows RT 8.1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
CVE-2021-43215	Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
CVE-2021-43905	Office app
CVE-2021-43233	Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
CVE-2021-43907	Visual Studio Code WSL Extension
CVE-2021-43899	Microsoft 4K Wireless Display Adapter
CVE-2021-42310	Microsoft Defender for IoT
CVE-2021-43217	Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows 10 Version 21H1 for 32-bit Systems Windows 10 Version 21H1 for ARM64-based Systems Windows 10 Version 21H1 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems
CVE-2021-43880	Windows 11 for ARM64-based Systems Windows 11 for x64-based Systems

三、漏洞详情

此次更新共包括67个漏洞的补丁程序，其中超危漏洞3个、高危漏洞41个，中危漏洞23个。

序号	漏洞名称	CNNVD编号	CVE编号	危害等级	官方链接
1	Microsoft Defender 代码注入	CNNVD-202112-1162	CVE-2021-43882	超危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43882
2	Microsoft Devices 代码注入	CNNVD-202112-1185	CVE-2021-43899	超危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43899
3	Microsoft Office 代码注入	CNNVD-202112-1233	CVE-2021-43905	超危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43905
4	Microsoft SharePoint输入验证错误	CNNVD-202112-1066	CVE-2021-42309	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42309
5	Microsoft Office和Microsoft Excel 代码注入	CNNVD-202112-1069	CVE-2021-43256	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43256
6	Microsoft SharePoint 输入验证错误	CNNVD-202112-1070	CVE-2021-42294	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42294
7	Microsoft Office 代码注入	CNNVD-202112-1073	CVE-2021-43875	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43875
8	Microsoft Windows权限许可和访问控制问题	CNNVD-202112-1130	CVE-2021-43893	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43893
9	Microsoft Windows Installer权限许可和访问控制问题	CNNVD-202112-1133	CVE-2021-43883	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43883
10	Microsoft Windows Codecs Library权限许可和访问控制问题	CNNVD-202112-1135	CVE-2021-43248	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43248
11	Microsoft Windows TCP/IP component权限许可和访问控制问题	CNNVD-202112-1136	CVE-2021-43247	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43247
12	Microsoft Windows权限许可和访问控制问题	CNNVD-202112-1141	CVE-2021-43245	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43245
13	Microsoft Windows NTFS权限许可和访问控制问题	CNNVD-202112-1143	CVE-2021-43240	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43240
14	Microsoft Windows Update Medic权限许可和访问控制问题	CNNVD-202112-1144	CVE-2021-43239	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43239
15	Microsoft Message Queuing信息泄露	CNNVD-202112-1145	CVE-2021-43236	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43236
16	Microsoft Windows Fax services代码注入	CNNVD-202112-1147	CVE-2021-43234	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43234
17	Microsoft Windows Remote Access Connection Manager权限许可和访问控制问题	CNNVD-202112-1148	CVE-2021-43238	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43238
18	Microsoft Windows Update Medic权限许可和访问控制问题	CNNVD-202112-1149	CVE-2021-43237	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43237
19	Microsoft Remote Desktop Client代码注入	CNNVD-202112-1150	CVE-2021-43233	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43233
20	Microsoft Windows Event Tracing代码注入	CNNVD-202112-1151	CVE-2021-43232	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43232
21	Microsoft Windows NTFS权限许可和访问控制问题	CNNVD-202112-1152	CVE-2021-43231	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43231
22	Microsoft Windows NTFS权限许可和访问控制问题	CNNVD-202112-1155	CVE-2021-43229	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43229
23	Microsoft Windows NTFS权限许可和访问控制问题	CNNVD-202112-1156	CVE-2021-43230	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43230
24	Microsoft Windows Codecs Library代码注入	CNNVD-202112-1158	CVE-2021-40453	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40453
25	Microsoft Windows Codecs Library代码注入	CNNVD-202112-1159	CVE-2021-40452	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40452
26	Microsoft Defender 信息泄露	CNNVD-202112-1160	CVE-2021-43888	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43888
27	Microsoft Defender 代码注入	CNNVD-202112-1161	CVE-2021-42310	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42310
28	Microsoft Defender 代码注入	CNNVD-202112-1163	CVE-2021-41365	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41365
29	Microsoft Defender 代码注入	CNNVD-202112-1164	CVE-2021-42311	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42311
30	Microsoft Defender 权限许可和访问控制问题	CNNVD-202112-1165	CVE-2021-42312	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42312
31	Microsoft Defender 代码注入	CNNVD-202112-1167	CVE-2021-42313	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42313
32	Microsoft Defender 代码注入	CNNVD-202112-1168	CVE-2021-42314	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42314
33	Microsoft Defender 代码注入	CNNVD-202112-1169	CVE-2021-42315	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42315
34	Microsoft Windows Codecs Library代码注入	CNNVD-202112-1170	CVE-2021-43214	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43214
35	Microsoft Internet Information Services缓冲区错误	CNNVD-202112-1171	CVE-2021-43215	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43215
36	Microsoft Defender 代码注入	CNNVD-202112-1172	CVE-2021-43889	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43889
37	Microsoft Windows缓冲区错误	CNNVD-202112-1174	CVE-2021-43217	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43217
38	Microsoft Visual Studio 代码注入	CNNVD-202112-1177	CVE-2021-43907	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43907
39	Microsoft Azure 代码注入	CNNVD-202112-1180	CVE-2021-43225	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43225
40	Microsoft Visual Studio 权限许可和访问控制问题	CNNVD-202112-1181	CVE-2021-43877	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43877
41	Microsoft Windows Codecs Library代码注入	CNNVD-202112-1183	CVE-2021-41360	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41360
42	Microsoft Visual Studio和Visual Studio Code 代码注入	CNNVD-202112-1215	CVE-2021-43891	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43891
43	BizTalk ESB Toolkit 安全	CNNVD-202112-1253	CVE-2021-43892	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43892
44	Microsoft Apps 安全	CNNVD-202112-1261	CVE-2021-43890	高危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890
45	Microsoft Office安全	CNNVD-202112-1064	CVE-2021-43242	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43242
46	Microsoft SharePoint安全	CNNVD-202112-1067	CVE-2021-42320	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42320
47	Microsoft Office 安全	CNNVD-202112-1068	CVE-2021-43255	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43255
48	Microsoft Office 信息泄露	CNNVD-202112-1071	CVE-2021-42295	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42295
49	Microsoft Office 权限许可和访问控制问题	CNNVD-202112-1072	CVE-2021-42293	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42293
50	Microsoft Windows Mobile Device Management权限许可和访问控制问题	CNNVD-202112-1134	CVE-2021-43880	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43880
51	Microsoft Hyper-V 输入验证错误	CNNVD-202112-1137	CVE-2021-43246	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43246
52	Microsoft Windows Kernel信息泄露	CNNVD-202112-1142	CVE-2021-43244	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43244
53	Microsoft Windows Storage Spaces Controller信息泄露	CNNVD-202112-1146	CVE-2021-43235	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43235
54	Microsoft Windows SymCrypt输入验证错误	CNNVD-202112-1153	CVE-2021-43228	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43228
55	Microsoft Windows Media权限许可和访问控制问题	CNNVD-202112-1154	CVE-2021-40441	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40441
56	Microsoft Windows Storage Spaces Controller信息泄露	CNNVD-202112-1157	CVE-2021-43227	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43227
57	多款Microsoft产品权限许可和访问控制问题	CNNVD-202112-1166	CVE-2021-43226	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43226
58	Microsoft Local Security Authority Server信息泄露	CNNVD-202112-1173	CVE-2021-43216	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43216
59	Microsoft Windows Common Log File System Driver 信息泄露	CNNVD-202112-1175	CVE-2021-43224	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43224
60	Microsoft Windows DirectX输入验证错误	CNNVD-202112-1176	CVE-2021-43219	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43219
61	Microsoft Message Queuing 信息泄露	CNNVD-202112-1178	CVE-2021-43222	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43222
62	Microsoft Windows Remote Access Connection Manager权限许可和访问控制问题	CNNVD-202112-1179	CVE-2021-43223	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43223
63	Microsoft Windows Print Spooler Components权限许可和访问控制问题	CNNVD-202112-1182	CVE-2021-41333	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41333
64	Microsoft Windows Common Log File System Driver 权限许可和访问控制问题	CNNVD-202112-1184	CVE-2021-43207	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43207
65	Microsoft Windows Codecs Library信息泄露	CNNVD-202112-1186	CVE-2021-43243	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43243
66	Microsoft Visual Studio 安全	CNNVD-202112-1210	CVE-2021-43908	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43908
67	Microsoft PowerShell Utility 安全	CNNVD-202112-1230	CVE-2021-43896	中危	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43896

四、修复建议

目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁，强烈建议受影响用户尽快安装补丁进行防护。
官方下载链接：https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Dec

注：由于网络问题、计算机环境问题等原因，Windows Update的补丁更新可能出现失败。用户在安装补丁后，应及时检查补丁是否成功更新。右键点击Windows图标，选择“设置(N)”，选择“更新和安全”-“Windows更新”，查看该页面上的提示信息，也可点击“查看更新历史记录”查看历史更新情况。针对未成功安装的更新，可点击更新名称跳转到微软官方下载页面，建议用户点击该页面上的链接，转到“Microsoft更新目录”网站下载独立程序包并安装。

上一篇: 2021年12月关于Apache HTTP Server 多个安全漏洞的通告下一篇: 【漏洞通告】2022年1月Linux Polkit 权限提升漏洞(CVE-2021-4034)的通告

关于我们

有孚云是上海有孚网络股份有限公司基于22年+数据中心服务经验，承载企业 IT 的核心基础设施，打造致力于为企业提供高可用、高品质的云计算产品和服务平台。

发展历程