我司在安全漏洞預警機制排查時發(fā)現(xiàn)，Microsoft官方于2021年1月12日發(fā)布了Microsoft Defender 緩沖區(qū)溢出漏洞的風險通告，該漏洞編號為CVE-2021-1647，漏洞等級：高危，漏洞評分：7.8，特將漏洞詳情通告如下：

一、漏洞詳情

攻擊者通過構造特殊的PE文件,使得Microsoft Defender在對該文件進行解析的時候，產生緩沖區(qū)溢出，從而造成遠程代碼執(zhí)行。目前，漏洞細節(jié)已公開，Microsoft官方已發(fā)布升級版本信息。

二、影響版本

-Microsoft:Microsoft Defender:Windows 8.1 for 32-bit systems

-Microsoft:Microsoft Defender:Windows 7 for x64-based Systems Service Pack 1

-Microsoft:Microsoft Defender:Windows 7 for 32-bit Systems Service Pack 1

-Microsoft:Microsoft Defender:Windows Server 2016 (Server Core installation)

-Microsoft:Microsoft Defender:Windows Server 2016

-Microsoft:Microsoft Defender:Windows 10 Version 1607 for x64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1607 for 32-bit Systems

-Microsoft:Microsoft Defender:Windows 10 for x64-based Systems

-Microsoft:Microsoft Defender:Windows 10 for 32-bit Systems

-Microsoft:Microsoft Defender:Windows Server, version 20H2 (Server Core Installation)

-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for ARM64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for 32-bit Systems

-Microsoft:Microsoft Defender:Windows 10 Version 20H2 for x64-based Systems

-Microsoft:Microsoft Defender:Windows Server, version 2004 (Server Core installation)

-Microsoft:Microsoft Defender:Windows 10 Version 2004 for x64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 2004 for ARM64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 2004 for 32-bit Systems

-Microsoft:Microsoft Defender:Windows Server, version 1909 (Server Core installation)

-Microsoft:Microsoft Defender:Windows 10 Version 1909 for ARM64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1909 for x64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1909 for 32-bit Systems

-Microsoft:Microsoft Defender:Windows Server 2019 (Server Core installation)

-Microsoft:Microsoft Defender:Windows Server 2019

-Microsoft:Microsoft Defender:Windows 10 Version 1809 for ARM64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1809 for x64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1809 for 32-bit Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1803 for ARM64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1803 for x64-based Systems

-Microsoft:Microsoft Defender:Windows 10 Version 1803 for 32-bit Systems

-Microsoft:Microsoft System Center 2012 Endpoint Protection

-Microsoft:Microsoft Security Essentials

-Microsoft:Microsoft System Center 2012 R2 Endpoint Protection

-Microsoft:Microsoft System Center Endpoint Protection

-Microsoft:Microsoft Defender:Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

-Microsoft:Microsoft Defender:Windows Server 2008 for 32-bit Systems Service Pack 2

-Microsoft:Microsoft Defender:Windows RT 8.1

-Microsoft:Microsoft Defender:Windows 8.1 for x64-based systems

-Microsoft:Microsoft Defender:Windows Server 2012 R2 (Server Core installation)

-Microsoft:Microsoft Defender:Windows Server 2012 R2

-Microsoft:Microsoft Defender:Windows Server 2012 (Server Core installation)

三、修復建議

微軟官方已更新受影響軟件的安全補丁，用戶可根據不同版本系統(tǒng)下載安裝對應的安全補丁，安全更新鏈接如下：http://www.tjdsmy.cn/update-guide/en-us/vulnerability/CVE-2021-1647

四、高危風險重要提醒

1. 請您及時進行Microsoft Windows版本檢查、更新；

2. 請您保持Windows server / Windows 檢測并開啟自動更新功能；Windows自動更新流程如下：

1) 點擊開始菜單，在彈出的菜單中選擇“控制面板”進行下一步。

2) 點擊控制面板頁面中的“系統(tǒng)和安全”，進入設置。

3) 在彈出的新的界面中選擇“windows update”中的“啟用或禁用自動更新”。

4) 然后進入設置窗口，展開下拉菜單項，選擇其中的自動安裝更新（推薦）。

3. 請您在安全管理中養(yǎng)成數據備份的好習慣，做好數據備份工作，避免因數據丟失給您帶來的損失。

7X24技術支持熱線：0871-63886388

24小時值班QQ : 4001544001