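1. Advisory Information
On January 13, 2021, the 安识科技 A-Team observed that Microsoft had published a risk advisory on its official website for a buffer overflow vulnerability in Microsoft Defender. The vulnerability is tracked as CVE-2021-1647 and rated high severity. By crafting a special malicious file, an attacker can cause remote code execution in Microsoft Defender.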
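2. Vulnerability Overview
On January 12, 2021, Microsoft fixed a critical remote code execution vulnerability in Windows Defender as part of its regular monthly patch day. Windows Defender is the default antivirus software built into Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 and other operating systems. An attacker can use email, malicious links or similar means to lure a target victim into downloading an attacker-crafted malicious file. The vulnerability is then triggered when Windows Defender automatically scans the file, and the attacker ultimately takes over the victim's computer.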
3. Impact
Successful exploitation gives the attacker control of the victim's computer and can lead to serious information disclosure.
4. Affected Versions
The vulnerability affects most Microsoft products:
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Microsoft System Center 2012 Endpoint Protection
Microsoft Security Essentials
Microsoft System Center 2012 R2 Endpoint Protection
Microsoft System Center Endpoint Protection
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
5. Solution
安识科技 recommends that users update Windows Defender promptly. Microsoft's official security update page:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Jan
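6. Timeline
【-】January 12, 2021: Microsoft released the security update for CVE-2021-1647
【-】January 13, 2021: 安识科技 A-Team analyzed the issue based on Microsoft's update
【-】January 13, 2021: 安识科技 A-Team published this security advisory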
Author: 安识科技
This article was published by a 安全脉搏 column author. When reposting, please credit: https://www.secpulse.com/archives/152042.html