【资讯处-转知】(ANA事件单通知:TACERT-ANA-2023041701042626)(【漏洞预警】微软通用纪录档系统(CLFS)驱动程式存在权限提升之高风险安全漏洞(CVE-2023-28252),允许已取得一般权限之攻击者提升至系统权限,请尽速确认并进行更新或评估采取缓解措施)

发布编号:TACERT-ANA-2023041701042626

发布时间:2023-04-17 13:50:28

事故类型:ANA-漏洞预警

发现时间:2023-04-17 13:43:28

影响等级:低

 

[主旨说明:]

【漏洞预警】微软通用纪录档系统(CLFS)驱动程式存在权限提升之高风险安全漏洞(CVE-2023-28252),允许已取得一般权限之攻击者提升至系统权限,请尽速确认并进行更新或评估采取缓解措施

 

[内容说明:]

转发 国家资安资讯分享与分析中心 NISAC-ANA-202304-0734

研究人员发现微软通用纪录档系统(Common Log File System, CLFS)驱动程式存在权限提升(Elevation of Privilege)之高风险安全漏洞(CVE-2023-28252),允许已取得系统一般权限且可于系统执行程式之攻击者进一步取得系统(System)权限。本漏洞已于本年2月遭骇客利用并部署勒索软件Nokoyawa,美国网络安全暨基础设施安全局(CISA)亦将此漏洞列为优先修补对象。

 

[影响平台:]

● Windows 10 for 32-bit Systems

● Windows 10 for x64-based Systems

● Windows 10 Version 1607 for 32-bit Systems

● Windows 10 Version 1607 for x64-based Systems

● Windows 10 Version 1809 for 32-bit Systems

● Windows 10 Version 1809 for ARM64-based Systems

● Windows 10 Version 1809 for x64-based Systems

● Windows 10 Version 20H2 for 32-bit Systems

● Windows 10 Version 20H2 for ARM64-based Systems

● Windows 10 Version 20H2 for x64-based Systems

● Windows 10 Version 21H2 for 32-bit Systems

● Windows 10 Version 21H2 for ARM64-based Systems

● Windows 10 Version 21H2 for x64-based Systems

● Windows 10 Version 22H2 for 32-bit Systems

● Windows 10 Version 22H2 for ARM64-based Systems

● Windows 10 Version 22H2 for x64-based Systems

● Windows 11 version 21H2 for ARM64-based Systems

● Windows 11 version 21H2 for x64-based Systems

● Windows 11 Version 22H2 for ARM64-based Systems

● Windows 11 Version 22H2 for x64-based Systems

● Windows Server 2008 for 32-bit Systems Service Pack 2

● Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

● Windows Server 2008 for x64-based Systems Service Pack 2

● Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

● Windows Server 2008 R2 for x64-based Systems Service Pack 1

● Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

● Windows Server 2012

● Windows Server 2012 (Server Core installation)

● Windows Server 2012 R2

● Windows Server 2012 R2 (Server Core installation)

● Windows Server 2016

● Windows Server 2016 (Server Core installation)

● Windows Server 2019

● Windows Server 2019 (Server Core installation)

● Windows Server 2022

● Windows Server 2022 (Server Core installation)

 

[建议措施:]

目前微软官方已针对弱点释出安全性更新(包含于4月份之汇总更新中),各机关可自行或联络系统维护厂商进行修补,修补程式连结如下:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252

 

[参考资料:]

1. 微软修补一个已被勒索软件骇客滥用的零时差漏洞

2. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252

3. https://nvd.nist.gov/vuln/detail/CVE-2023-28252

(此通报仅在于告知相关资讯,并非为资安事件),如果您对此通报的内容有疑问或有关于此事件的建议,欢迎与我们连络。

教育机构资安通报应变小组

网址:https://info.cert.tanet.edu.tw/

专线电话:07-5250211

网络电话:98400000

E-Mail:service@cert.tanet.edu.tw

编辑