如何检测sql注入漏洞的存在（CNNVD关于MicrosoftMSHTML.DLL）

近日，国家信息安全漏洞库（CNNVD）收到关于Microsoft MSHTML.DLL 代码注入漏洞（CNNVD-202109-350、CVE-2021-40444）情况的报送成功利用漏洞的攻击者能够在目标系统执行恶意代码，最终控制目标系统微软多个操作系统均受此漏洞影响目前，微软官方暂未发布漏洞修复补丁，但发布了临时缓解措施缓解漏洞带来的危害，请用户及时确认是否受到漏洞影响，尽快采取修补措施，下面我们就来说一说关于如何检测sql注入漏洞的存在?我们一起去了解并探讨一下这个问题吧!

如何检测sql注入漏洞的存在

近日，国家信息安全漏洞库（CNNVD）收到关于Microsoft MSHTML.DLL 代码注入漏洞（CNNVD-202109-350、CVE-2021-40444）情况的报送。成功利用漏洞的攻击者能够在目标系统执行恶意代码，最终控制目标系统。微软多个操作系统均受此漏洞影响。目前，微软官方暂未发布漏洞修复补丁，但发布了临时缓解措施缓解漏洞带来的危害，请用户及时确认是否受到漏洞影响，尽快采取修补措施。

一、漏洞介绍

MicrosoftMSHTML.DLL是美国微软（Microsoft）公司的一个用于解析HTML语言的动态链接库，IE、Outlook、Outlook Express等应用程序都使用了该动态链接库。远程攻击者可以创建带有恶意ActiveX控件的特制Office文档，诱使受害者打开文档并在系统上执行任意代码。

二、危害影响

成功利用漏洞的攻击者能够在目标系统执行恶意代码，最终控制目标系统。微软Windows 7、Windows 8、Windows 10、Windows Server 2008、WindowsServer 2012、Windows Server 2016、Windows Server 2019等42个操作系统版本均受此漏洞影响。具体如下：

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (ServerCore installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows 10 Version 21H1 for 32-bit Systems

Windows 10 Version 21H1 for ARM64-based Systems

Windows 10 Version 21H1 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

三、修复建议

目前，微软官方暂未发布漏洞修复补丁，但发布了临时缓解措施缓解漏洞带来的危害，请用户及时确认是否受到漏洞影响，尽快采取修补措施。官方链接如下：

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

,