发布编号：TACERT-ANA-2021021810023838

发布时间：2021-02-18 10:08:39

事故类型：ANA-漏洞预警

发现时间：2021-02-18 10:08:39

影响等级：中

 

[主旨说明:]

【漏洞预警】微软Windows TCP/IP存在安全漏洞(CVE-2021-24074、CVE-2021-24094及CVE-2021-24086)，允许攻击者远端执行任意程式码或造成服务阻断，请尽速确认并进行更新！

 

[内容说明:]

转发 行政院国家资通安全会报技术服务中心 资安讯息警讯 NISAC-ANA-202102-0902

研究人员发现微软Windows TCP/IP存在安全漏洞 CVE-2021-24074、CVE-2021-24094及CVE-2021-24086，可能遭受以下攻击：

1. 远端攻击者可发送特制封包，利用CVE-2021-24074或CVE-2021-24094执行任意程式码。

2. 远端攻击者可发送特制封包，利用CVE-2021-24086造成服务阻断。

情资分享等级: WHITE(情资内容为可公开揭露之资讯)

[影响平台:]

受影响之Windows作业系统包含用户端及服务器版本，版本如下:

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

[建议措施:]

1.目前微软官方已针对此漏洞释出更新程式，请各机关联络设备维护厂商或参考以下建议进行更新：

    (1.)https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094

    (2.)https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074

    (3.)https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086

2.若无法立即更新，可参考官网公告采取缓解措施，并建议经测试再做调整。

    (1)CVE-2021-24074执行官网因应措施中之PowerShell指令，停用IPv4之松散来源路由，防止攻击者进行弱点利用，参考连结

    (2)CVE-2021-24086与CVE-2021-24094执行官网因应措施中之PowerShell指令，于边界网络设备上停用IPv6分段，防止攻击者进行弱点利用，参考连结：CVE-2021-24086、CVE-2021-24094

[参考资料:]

1.https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/

2. https://unit42.paloaltonetworks.com/cve-2021-24074-patch-tuesday/

3.微软呼吁用户修补3个Windows TCP/IP实作漏洞，影响所有版本

---

(此通报仅在于告知相关资讯，并非为资安事件)，如果您对此通报的内容有疑问或有关于此事件的建议，欢迎与我们连络。

教育机构资安通报应变小组

网址：https://info.cert.tanet.edu.tw/

专线电话：07-5250211

网络电话：98400000

E-Mail：service@cert.tanet.edu.tw