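How to detect the presence of SQL injection vulnerabilities
Recently, the China National Vulnerability Database of Information Security (CNNVD) received a report on the Microsoft MSHTML.DLL code injection vulnerability (CNNVD-202109-350, CVE-2021-40444). An attacker who successfully exploits the vulnerability can execute malicious code on the target system and ultimately take control of it. Multiple Microsoft operating systems are affected. At present, Microsoft has not released a patch for the vulnerability, but it has published temporary mitigations to reduce the harm. Users should promptly confirm whether they are affected and take remediation measures as soon as possible.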
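I. Vulnerability Overview
Microsoft MSHTML.DLL is a dynamic-link library from Microsoft (USA) used to parse HTML. Applications such as IE, Outlook and Outlook Express all use this library. A remote attacker can create a specially crafted Office document containing a malicious ActiveX control, trick the victim into opening the document, and execute arbitrary code on the system.
II. Impact
An attacker who successfully exploits the vulnerability can execute malicious code on the target system and ultimately take control of it. 42 operating system versions are affected, including Microsoft Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016 and Windows Server 2019. The full list is as follows: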
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
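III. Remediation Recommendations
At present, Microsoft has not released a patch for the vulnerability, but it has published temporary mitigations to reduce the harm. Users should promptly confirm whether they are affected and take remediation measures as soon as possible. The official link is: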
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444