SECURITY ALERT: Solutions and Protections against PrintNightmare (CVE-2021-1675 and CVE-2021-34527)

    • Updated:
    • 6 Jul 2021
    • Product/Version:
    • Apex One
    • Cloud One - Workload Security
    • Deep Security
    • Vulnerability Protection
Summary

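In June 2021, Microsoft published a vulnerability in the Windows Print Spooler (CVE-2021-1675) together with a security update. Microsoft also released further information about the vulnerability at the same time, including that it could be exploited for remote attacks. Attacks that exploit this vulnerability have therefore come to be known as "PrintNightmare" attacks. A few days ago (2021/7/1), Microsoft also disclosed a second remote code execution vulnerability in the Windows Print Spooler, CVE-2021-34527, which Microsoft's website currently lists as one of the vulnerabilities being actively exploited.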
 
Details

Mitigating Factors and Protection Recommendations:


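The first line of protection against the vulnerabilities above is still to make sure that all affected operating systems have the latest Microsoft security updates installed. Comprehensive patching can take some time, however. To give customers protection as quickly as possible, Trend Micro has released a set of protection rules built on Deep Security's IPS technology, Integrity Monitoring, and TippingPoint DV filters, which can help users strengthen the overall security of their environments.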
 

Protection Rules:

IPS Rules

Deep Security and Cloud One - Workload Security, Vulnerability Protection and Apex One Vulnerability Protection (iVP) Integrity Monitoring (IM) Rules
  • Rule 1011016 - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol
  • Rule 1011018 - Identified DCERPC AddPrinterDriverEx Call Over SMB Protocol
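Please note that, because of the nature of this vulnerability and in order to keep the Windows function/call (AddPrinterDriverEx) working for valid use, these IPS rules are set to "DETECT" by default. This is to keep potential false positives in IT environments as low as possible. Trend Micro recommends that IT administrators review and test these rules in their environment and change them to "PREVENT" as their actual needs require.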

Trend Micro Cloud One – Network Security and TippingPoint ThreatDV Malware Detection Filters
  • 39940: RPC: Microsoft Windows AddPrinterDriverEx Request Detected
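
The rules above key on the AddPrinterDriverEx call inside DCE/RPC traffic. The following is an added example, not Trend Micro's rule logic, of what such a check involves: it tracks which presentation context a bind PDU ties to the print spooler interface and flags requests for that call, logging in "DETECT" mode and dropping in "PREVENT" mode. The interface UUID and opnum 89 are taken from the MS-RPRN specification rather than this page, the class and function names are hypothetical, and the sample PDUs are constructed (single fragment, no authentication trailer, no alter_context).

```python
import struct
import uuid

# Assumptions taken from the MS-RPRN specification, not from this page:
SPOOLSS_UUID = uuid.UUID("12345678-1234-abcd-ef00-0123456789ab")  # spoolss interface
OPNUM_ADD_PRINTER_DRIVER_EX = 89  # RpcAddPrinterDriverEx
PTYPE_REQUEST, PTYPE_BIND = 0, 11

class SpoolssWatcher:
    """Hypothetical per-connection tracker fed with reassembled DCE/RPC PDUs."""
    def __init__(self, mode="DETECT"):
        self.mode = mode          # "DETECT" logs only, "PREVENT" drops
        self.spoolss_ctx = set()  # presentation context ids bound to spoolss

    def feed(self, pdu):
        """Return "pass", "log" or "drop" for one PDU."""
        if len(pdu) < 24 or pdu[0] != 5:
            return "pass"         # too short, or not DCE/RPC version 5
        endian = "<" if pdu[4] & 0x10 else ">"  # data representation byte
        if pdu[2] == PTYPE_BIND:
            self._learn_contexts(pdu, endian)
        elif pdu[2] == PTYPE_REQUEST:
            ctx_id, opnum = struct.unpack_from(endian + "HH", pdu, 20)
            if ctx_id in self.spoolss_ctx and opnum == OPNUM_ADD_PRINTER_DRIVER_EX:
                return "drop" if self.mode == "PREVENT" else "log"
        return "pass"

    def _learn_contexts(self, pdu, endian):
        off = 28                  # first context element of a bind PDU
        for _ in range(pdu[24] if len(pdu) > 24 else 0):  # n_context_elem
            if off + 24 > len(pdu):
                break             # truncated element list
            ctx_id, n_syn = struct.unpack_from(endian + "HB", pdu, off)
            raw = pdu[off + 4:off + 20]
            iface = uuid.UUID(bytes_le=raw) if endian == "<" else uuid.UUID(bytes=raw)
            if iface == SPOOLSS_UUID:
                self.spoolss_ctx.add(ctx_id)
            off += 24 + 20 * n_syn  # abstract syntax plus its transfer syntaxes

def sample_pdu(ptype, body):  # constructed little-endian PDU, single fragment
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, 3, b"\x10\x00\x00\x00",
                       16 + len(body), 0, 1) + body

def sample_bind(iface, ctx_id):  # constructed bind offering one interface
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860").bytes_le + struct.pack("<I", 2)
    elem = struct.pack("<HBB", ctx_id, 1, 0) + iface.bytes_le + struct.pack("<I", 1) + ndr
    return sample_pdu(PTYPE_BIND, struct.pack("<HHIBBH", 4280, 4280, 0, 1, 0, 0) + elem)

def sample_request(ctx_id, opnum):  # constructed request with an empty stub
    return sample_pdu(PTYPE_REQUEST, struct.pack("<IHH", 0, ctx_id, opnum))
```

A "log" result says only that the call was made, which is also what a valid driver installation produces, so each hit still has to be checked against the hosts expected to manage printers.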

Other Inspection / Detection Rules

Deep Security Log Inspection
  • Rule 1011017 - Microsoft Windows - Print Spooler Failed Loading Plugin Module (PrintNightmare)

Trend Micro Deep Discovery Inspector (DDI) Rules
  • Rule 4588: CVE-2021-34527_SMB_POSSIBLE_RCE_REQUEST_SB
  • Rule 4589: CVE-2021-34527_DCE_POSSIBLE_RCE_REQUEST_SB
(Note: the two rule IDs above can also detect the CVE-2021-1675 attack technique.)

Trend Micro is continuing to aggressively look into other forms of detection and protection to assist our customers, but we do want to continue to reiterate that the primary recommendation is to apply the official Microsoft patches as soon as possible. We will continue to update this article and our customers if/when additional layers of protection are found.
 

Solution ID:
000286888