独立行政法人情報処理推進機構(IPA)は10月14日、複数の Microsoft Windows 製品におけるリモートでコードを実行される脆弱性について「JVN iPedia」で発表した。影響を受けるシステムは以下の通り。
Microsoft Windows 10 Version 1607 for 32-bit Systems
Microsoft Windows 10 Version 1607 for x64-based Systems
Microsoft Windows 10 Version 1809 for 32-bit Systems
Microsoft Windows 10 Version 1809 for ARM64-based Systems
Microsoft Windows 10 Version 1809 for x64-based Systems
Microsoft Windows 10 Version 20H2 for 32-bit Systems
Microsoft Windows 10 Version 20H2 for ARM64-based Systems
Microsoft Windows 10 Version 20H2 for x64-based Systems
Microsoft Windows 10 Version 21H1 for 32-bit Systems
Microsoft Windows 10 Version 21H1 for ARM64-based Systems
Microsoft Windows 10 Version 21H1 for x64-based Systems
Microsoft Windows 10 Version 21H2 for 32-bit Systems
Microsoft Windows 10 Version 21H2 for ARM64-based Systems
Microsoft Windows 10 Version 21H2 for x64-based Systems
Microsoft Windows 10 for 32-bit Systems
Microsoft Windows 10 for x64-based Systems
Microsoft Windows 11 Version 22H2 for ARM64-based Systems
Microsoft Windows 11 Version 22H2 for x64-based Systems
Microsoft Windows 11 for ARM64-based Systems
Microsoft Windows 11 for x64-based Systems
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 8.1 for 32-bit systems
Microsoft Windows 8.1 for x64-based systems
Microsoft Windows RT 8.1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation)
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2 (Server Core installation)
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for x64-based Systems SP2 (Server Core installation)
Microsoft Windows Server 2012
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Server 2016
Microsoft Windows Server 2016 (Server Core installation)
Microsoft Windows Server 2019
Microsoft Windows Server 2019 (Server Core installation)
Microsoft Windows Server 2022
Microsoft Windows Server 2022 (Server Core installation)
複数の Microsoft Windows 製品には、Windows Point-to-Point トンネリングプロトコルに不備があるため、リモートでコードを実行される脆弱性が存在する。
JVN iPediaでは、ベンダ情報を参照し適切な対策を実施するよう呼びかけている。
![GIFShell 攻撃 EDR回避か/米が中国攻撃時に京大を踏み台と報道/今後必要な Lazarus対策 ほか [Scan PREMIUM Monthly Executive Summary 2022年9月度] 画像](/imgs/p/VBQCg88_AM0-DSZSF4-0dQsJwAfOBQQDAgEA/39424.jpg)
