关于微软Windows脚本语言存在两个严重远程代码执行漏洞的风险提示

安天CERT

1 概述

安天CERT监测到微软在2022年11月8日发布的月度补丁集中修复了两个严重的Windows脚本语言执行机制所存在的远程代码执行漏洞。安天CERT建议用户及时更新相应补丁，以免受到这两个漏洞的影响。

2 漏洞详述

两个漏洞编号分别为：CVE-2022-41118、CVE-2022-41128，两个漏洞均被微软标记为“严重”级别。

CVE-2022-41128漏洞的CVSS评分为8.8分，该漏洞影响jscript9脚本的安全执行。要利用该漏洞攻击者必须引诱用户访问恶意网站或共享服务器，然后下载并执行带有恶意代码的漏洞利用脚本，所以该漏洞很可能被用来进行邮件或网页钓鱼。

CVE-2022-41118漏洞的CVSS评分为7.5分，该漏洞影响 jscript9 和 Chakra 脚本语言，但利用条件更为苛刻。其先决条件是：攻击者必须事先搭建恶意服务器，并引诱用户访问该服务器，同时攻击者还必须赢得竞争性条件才能成功利用该漏洞。

微软此次并未公开这两个漏洞的具体细节。截止通报编写时，安天CERT分析人员尚未在开源社区以及公开的漏洞平台上发现针对两个漏洞的POC或利用工具。同时微软也声称未发现两个漏洞被在野利用的迹象，但安天CERT建议用户及时更新相应补丁，以免受到这两个漏洞的影响。

3 受影响范围

目前微软官方已确认受该漏洞影响的数据库版本如下：

Windows Server 2012 R2

Windows Server 2012 R2

Windows Server 2012 R2

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows 8.1 for 32-bit systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2019

Windows RT 8.1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows 8.1 for x64-based systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 11 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 11 for x64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows Server 2022

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

4 漏洞修复建议

该漏洞属于产品自身漏洞，暂无缓解措施，厂商已发布对应版本的升级补丁。安天CERT建议用户请尽快进行补丁修复。官方升级补丁下载地址如下：

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41128

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41118

5 安天观点及风险提醒

受此次两个漏洞影响的Windows版本波及范围较广，且主要影响诸如：Windows Server 2012 R2、Windows 10、Windows 11等多个主流版本。

安天CERT建议尽快采取以下措施提高防范和警惕：

1. 迅速排查在资产中是否存在受影响的Windows版本；

2. 对受漏洞影响的Windows操作系统安装补丁并更新防火墙、流量监控等安全设备的防护策略；

附录一：参考资料

[1] Windows Scripting Languages Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41128

[2] Windows Scripting Languages Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41118