
December Network and Information Security Bulletin

Source: http://www.tudoupe.com  Date: 2022-01-18

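In December, the Cybersecurity Brigade of the Changshu Public Security Bureau discovered and verified 54 network security incidents and 2 high-risk vulnerabilities across the city, involving 56 organizations. In line with the tiered-handling principle, the 56 organizations with security risks were notified in accordance with the law and required to complete remediation within a set deadline, as the relevant laws and regulations require. By sector, the security incidents and high-risk vulnerabilities notified this month mainly involved enterprises. By type, the security incidents this month were again illegal external links, and the high-risk vulnerability type was the Shiro command execution vulnerability.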

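Common security incidents and vulnerability hazards

Scanning has found that the information systems of some organizations in the city are affected by the Shiro command execution vulnerability. The vulnerability stems from a flaw in the rememberMe field of the Apache Shiro cookie, which is encrypted in AES-128-CBC mode. A user can use attack code generated through Padding Oracle encryption to construct a malicious rememberMe field and resend the request to the site, carrying out a deserialization attack that ultimately leads to arbitrary code execution.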

The affected versions are currently Apache Shiro 1.2.5, 1.2.6, 1.3.0, 1.3.2, 1.4.0-RC2, 1.4.0 and 1.4.1.

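To guard effectively against this type of vulnerability, affected organizations across the city are advised to upgrade Shiro promptly, have their security devices attempt to intercept brute-force traffic, and promptly block attackers' probing attempts.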
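The advice to intercept brute-force traffic can be approximated in log analysis by flagging clients that send many different rememberMe values within a short window. This is an added example, not part of the original bulletin; the log format, thresholds, function names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumption): ISO-timestamp client-IP "path" "Cookie header"
LINE_RE = re.compile(r'^(\S+) (\S+) "\S+" "([^"]*)"$')
COOKIE_RE = re.compile(r'(?:^|;\s*)rememberMe=([^;]+)')

def parse(line):
    """Return (timestamp, ip, rememberMe value), or None if the line carries no such cookie."""
    m = LINE_RE.match(line.strip())
    c = COOKIE_RE.search(m.group(3)) if m else None
    if not c:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), c.group(1)

def find_bruteforce(lines, window_s=60, threshold=20):
    """Map each client IP to its peak count of distinct rememberMe values
    seen inside any window_s-second window, for IPs reaching threshold."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # ip -> (timestamp, value) pairs still in the window
    peak = {}
    for ts, ip, value in sorted(filter(None, map(parse, lines))):
        q = recent[ip]
        q.append((ts, value))
        while ts - q[0][0] > window:     # evict requests older than the window
            q.popleft()
        distinct = len({v for _, v in q})
        if distinct >= threshold:
            peak[ip] = max(peak.get(ip, 0), distinct)
    return peak

def sample_log():
    """Constructed sample: one ordinary user and one client cycling cookie values."""
    base = datetime(2021, 12, 1, 10, 0, 0)
    lines = []
    for i in range(5):                   # same cookie reused: normal remember-me behaviour
        t = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f'{t} 192.0.2.10 "/index" "JSESSIONID=abc; rememberMe=c3RhYmxl"')
    for i in range(40):                  # a new rememberMe value on every request
        t = (base + timedelta(milliseconds=500 * i)).isoformat()
        lines.append(f'{t} 198.51.100.7 "/index" "rememberMe=Q09OU1RSVUNURUQ{i:04d}"')
    return lines

if __name__ == "__main__":
    for ip, n in find_bruteforce(sample_log()).items():
        print(f"ALERT {ip}: {n} distinct rememberMe values within 60 s")
```

A legitimate browser replays one rememberMe value until it expires, so the window and threshold can be tuned against normal traffic before the rule is used for blocking.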

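Early warning on new viruses and vulnerabilities

Microsoft recently released its regular security update bulletin for December 2021, covering 67 vulnerabilities, of which 7 are rated Critical and 60 Important. This release includes security updates for Windows, ASP.NET, Visual Studio, Azure, Defender for IoT, Microsoft Office, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management, Windows Remote Access Connection Manager and other software.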

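(1) Vulnerabilities

The following vulnerabilities in this month's bulletin need particular attention:

CVE-2021-43215 (iSNS Server remote code execution vulnerability);

CVE-2021-43217 (Windows Encrypting File System (EFS) remote code execution vulnerability);

CVE-2021-43890 (Windows AppX Installer spoofing vulnerability).

(2) Affected products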

CVE-2021-43215:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2021-43217:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 for ARM64-based Systems

Windows 11 for x64-based Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

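The vendor has released patches and fixed versions. Organizations should assess whether their business is affected and upgrade to a secure version as appropriate.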

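Network security tips

A few security tips for the workplace:

01 Follow the workplace management rules, and do not connect non-work devices to the office network;

02 Do not add network devices or nodes, such as switches or wireless routers, without authorization;

03 Store paper documents properly, and never leave lying around or casually discard paper documents that contain sensitive information.

To keep the city's networks running healthily and prevent security incidents of all kinds, all organizations are asked to further raise their security awareness and sense of responsibility, promptly establish and implement security management rules and technical measures, and comprehensively improve their ability to guard against risk, so that networks operate securely.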

Reviewed by | 夏青

Published by | 田腾
