一、漏洞详情
microsoft windows http协议栈(http.sys)是一个位于windows操作系统中核心组件,常见于应用之间或设备之间通信,以及internet information services (iis)中。
微软官方公开并修复了microsoft windows http协议栈远程代码执行漏洞(cve-2022-21907),未经身份认证的远程攻击者可通过向目标web服务器发送特制的http请求来利用此漏洞,从而在目标系统上执行任意代码。利用此漏洞不需要身份认证和用户交互,微软官方将其标记为蠕虫漏洞,并建议优先修补受此漏洞影响的服务器。
二、影响范围
此漏洞影响启用了使用 http.sys的应用程序(如iis)的以下版本的windows或windows server主机:
windowsserver, version 20h2 (server core installation)
windowsserver 2022 (server core installation)
windowsserver 2022
windowsserver 2019 (server core installation)
windowsserver 2019
windows11 for x64-based systems
windows11 for arm64-based systems
windows10 version 21h2 for x64-based systems
windows10 version 21h2 for arm64-based systems
windows10 version 21h2 for 32-bit systems
windows10 version 21h1 for x64-based systems
windows10 version 21h1 for arm64-based systems
windows10 version 21h1 for 32-bit systems
windows10 version 20h2 for x64-based systems
windows10 version 20h2 for arm64-based systems
windows10 version 20h2 for 32-bit systems
windows10 version 1809 for x64-based systems
windows10 version 1809 for arm64-based systems
windows10 version 1809 for 32-bit systems
windows server 2019和windows 10 1809默认情况下包含漏洞代码的功能未启用,开启该功能需要修改注册表。
三、修复建议
微软官方目前已修复该漏洞,并发布了相关安全补丁,建议用户尽快安装补丁。补丁下载链接:https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-21907
校园网windows自动更新服务可定期通过校内自动更新服务器更新系统补丁,无需另申请外网访问和流量支持,详见 http://winupdate.njau.edu.cn
