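Global Watch: National Vulnerability Database (CNNVD): Bulletin on Multiple Microsoft Security Vulnerabilities
Recently, Microsoft published advisories for multiple security vulnerabilities: 77 in Microsoft's own products and 8 in other vendors' products that affect Microsoft products. They include the Microsoft SharePoint security vulnerability (CNNVD-202306-940, CVE-2023-29357) and the Microsoft Windows PGM security vulnerability (CNNVD-202306-959, CVE-2023-29363), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.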
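I. Vulnerability Overview
On June 13, 2023, Microsoft released its June 2023 security update, with patches for 85 vulnerabilities in total, all of which CNNVD has recorded. This update mainly covers Microsoft Windows and Windows components, Microsoft Visual Studio and Microsoft .NET, Microsoft Visual Studio and Microsoft, Microsoft Windows iSCSI, Microsoft Windows Hyper-V, Microsoft Windows Bus Filter Driver, and others. CNNVD rated their severity: 4 critical, 54 high, 24 medium and 3 low. Multiple Microsoft products and system versions are affected; the specific scope of impact can be looked up on Microsoft's official website: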
https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Vulnerability Details
This update includes patches for 70 newly added vulnerabilities: 4 critical, 43 high, 21 medium and 2 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Microsoft SharePoint security vulnerability | CNNVD-202306-940 | CVE-2023-29357 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 |
2 | Microsoft Windows PGM security vulnerability | CNNVD-202306-959 | CVE-2023-29363 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29363 |
3 | Microsoft Windows PGM security vulnerability | CNNVD-202306-993 | CVE-2023-32014 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014 |
4 | Microsoft Windows PGM security vulnerability | CNNVD-202306-995 | CVE-2023-32015 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32015 |
5 | Microsoft Azure DevOps Server security vulnerability | CNNVD-202306-921 | CVE-2023-21565 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565 |
6 | Microsoft Visual Studio and Microsoft .NET security vulnerability | CNNVD-202306-924 | CVE-2023-24895 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 |
7 | Microsoft Visual Studio and Microsoft .NET security vulnerability | CNNVD-202306-908 | CVE-2023-24897 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 |
8 | Multiple Microsoft products security vulnerability | CNNVD-202306-853 | CVE-2023-24936 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 |
9 | Microsoft Exchange Server security vulnerability | CNNVD-202306-904 | CVE-2023-28310 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310 |
10 | Microsoft .NET Framework security vulnerability | CNNVD-202306-918 | CVE-2023-29326 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326 |
11 | Microsoft .NET Core security vulnerability | CNNVD-202306-854 | CVE-2023-29331 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 |
12 | Microsoft Windows NTFS security vulnerability | CNNVD-202306-938 | CVE-2023-29346 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29346 |
13 | Microsoft Windows Group Policy security vulnerability | CNNVD-202306-942 | CVE-2023-29351 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29351 |
14 | Microsoft Windows GDI+ security vulnerability | CNNVD-202306-947 | CVE-2023-29358 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29358 |
15 | Microsoft Windows GDI+ security vulnerability | CNNVD-202306-949 | CVE-2023-29359 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 |
16 | Microsoft Windows TPM Device Driver security vulnerability | CNNVD-202306-954 | CVE-2023-29360 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 |
17 | Microsoft Windows Cloud Files Mini Filter Driver security vulnerability | CNNVD-202306-953 | CVE-2023-29361 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29361 |
18 | Microsoft Remote Desktop Client security vulnerability | CNNVD-202306-952 | CVE-2023-29362 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29362 |
19 | Microsoft Windows Authentication security vulnerability | CNNVD-202306-958 | CVE-2023-29364 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29364 |
20 | Microsoft Windows Media Foundation security vulnerability | CNNVD-202306-961 | CVE-2023-29365 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29365 |
21 | Microsoft Windows Geolocation Service security vulnerability | CNNVD-202306-963 | CVE-2023-29366 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29366 |
22 | Microsoft iSCSI Target WMI Provider security vulnerability | CNNVD-202306-965 | CVE-2023-29367 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29367 |
23 | Microsoft Windows Filtering security vulnerability | CNNVD-202306-967 | CVE-2023-29368 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29368 |
24 | Microsoft Windows Media Foundation security vulnerability | CNNVD-202306-972 | CVE-2023-29370 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29370 |
25 | Microsoft Windows GDI+ security vulnerability | CNNVD-202306-976 | CVE-2023-29371 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29371 |
26 | Microsoft OLE DB Provider for SQL Server security vulnerability | CNNVD-202306-978 | CVE-2023-29372 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29372 |
27 | Microsoft ODBC Driver security vulnerability | CNNVD-202306-975 | CVE-2023-29373 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29373 |
28 | Microsoft Windows Resilient File System (ReFS) security vulnerability | CNNVD-202306-932 | CVE-2023-32008 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32008 |
29 | Microsoft Windows Collaborative Translation Framework security vulnerability | CNNVD-202306-930 | CVE-2023-32009 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32009 |
30 | Microsoft Windows Bus Filter Driver security vulnerability | CNNVD-202306-971 | CVE-2023-32010 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32010 |
31 | Microsoft Windows iSCSI security vulnerability | CNNVD-202306-986 | CVE-2023-32011 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32011 |
32 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202306-1000 | CVE-2023-32017 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32017 |
33 | Microsoft Windows Hello security vulnerability | CNNVD-202306-1002 | CVE-2023-32018 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32018 |
34 | Microsoft Windows SMB Server security vulnerability | CNNVD-202306-1016 | CVE-2023-32021 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32021 |
35 | Microsoft Windows Server security vulnerability | CNNVD-202306-1019 | CVE-2023-32022 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32022 |
36 | Microsoft Excel security vulnerability | CNNVD-202306-913 | CVE-2023-32029 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32029 |
37 | Microsoft .NET security vulnerability | CNNVD-202306-1023 | CVE-2023-32030 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030 |
38 | Microsoft Exchange Server security vulnerability | CNNVD-202306-915 | CVE-2023-32031 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031 |
39 | Microsoft .NET security vulnerability | CNNVD-202306-1024 | CVE-2023-33126 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126 |
40 | Microsoft Visual Studio and Microsoft .NET security vulnerability | CNNVD-202306-861 | CVE-2023-33128 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128 |
41 | Microsoft SharePoint security vulnerability | CNNVD-202306-1027 | CVE-2023-33130 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 |
42 | Microsoft Outlook security vulnerability | CNNVD-202306-1038 | CVE-2023-33131 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131 |
43 | Microsoft Excel buffer error vulnerability | CNNVD-202306-1031 | CVE-2023-33133 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33133 |
44 | Microsoft Visual Studio and Microsoft .NET security vulnerability | CNNVD-202306-980 | CVE-2023-33135 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135 |
45 | Microsoft Excel security vulnerability | CNNVD-202306-916 | CVE-2023-33137 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137 |
46 | Microsoft Office security vulnerability | CNNVD-202306-920 | CVE-2023-33146 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33146 |
47 | Microsoft ASP.NET Core security vulnerability | CNNVD-202306-1008 | CVE-2023-33141 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141 |
48 | Microsoft Azure DevOps Server security vulnerability | CNNVD-202306-922 | CVE-2023-21569 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569 |
49 | Microsoft Windows CryptoAPI security vulnerability | CNNVD-202306-910 | CVE-2023-24938 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24938 |
50 | Windows Remote Desktop Security security vulnerability | CNNVD-202306-939 | CVE-2023-29352 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352 |
51 | Microsoft SysInternals security vulnerability | CNNVD-202306-912 | CVE-2023-29353 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353 |
52 | Microsoft Windows DHCP Server security vulnerability | CNNVD-202306-944 | CVE-2023-29355 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355 |
53 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202306-970 | CVE-2023-29369 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29369 |
54 | Microsoft Windows Container Manager Service security vulnerability | CNNVD-202306-988 | CVE-2023-32012 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32012 |
55 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202306-991 | CVE-2023-32013 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32013 |
56 | Microsoft Windows Installer security vulnerability | CNNVD-202306-996 | CVE-2023-32016 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016 |
57 | Microsoft Windows Kernel security vulnerability | CNNVD-202306-1010 | CVE-2023-32019 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019 |
58 | Microsoft SharePoint security vulnerability | CNNVD-202306-1029 | CVE-2023-33129 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 |
59 | Microsoft SharePoint security vulnerability | CNNVD-202306-985 | CVE-2023-33132 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 |
60 | Microsoft Visual Studio security vulnerability | CNNVD-202306-919 | CVE-2023-33139 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 |
61 | Microsoft Office OneNote security vulnerability | CNNVD-202306-990 | CVE-2023-33140 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 |
62 | Microsoft SharePoint security vulnerability | CNNVD-202306-998 | CVE-2023-33142 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142 |
63 | Microsoft Visual Studio Code security vulnerability | CNNVD-202306-1012 | CVE-2023-33144 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144 |
64 | Microsoft Edge security vulnerability | CNNVD-202306-1015 | CVE-2023-33145 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 |
65 | Microsoft Dynamics security vulnerability | CNNVD-202306-905 | CVE-2023-24896 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24896 |
66 | Microsoft Windows CryptoAPI security vulnerability | CNNVD-202306-907 | CVE-2023-24937 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24937 |
67 | Microsoft NuGet Client security vulnerability | CNNVD-202306-856 | CVE-2023-29337 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 |
68 | Microsoft .NET Framework and Microsoft Visual Studio security vulnerability | CNNVD-202306-858 | CVE-2023-32032 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032 |
69 | Microsoft Windows DNS security vulnerability | CNNVD-202306-1013 | CVE-2023-32020 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32020 |
70 | Microsoft Power Apps security vulnerability | CNNVD-202306-914 | CVE-2023-32024 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024 |
This update includes patches for 7 updated vulnerabilities: 4 high and 3 medium.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Microsoft Windows Print Spooler Components security vulnerability | CNNVD-202107-137 | CVE-2021-34527 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 |
2 | Microsoft Windows Kerberos security vulnerability | CNNVD-202211-2288 | CVE-2022-37967 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
3 | Microsoft Windows Netlogon security vulnerability | CNNVD-202211-2274 | CVE-2022-38023 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 |
4 | Microsoft Excel security vulnerability | CNNVD-202303-1038 | CVE-2023-23398 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
5 | Microsoft Service Fabric security vulnerability | CNNVD-202303-1016 | CVE-2023-23383 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
6 | Microsoft Excel resource management error vulnerability | CNNVD-202303-1033 | CVE-2023-23396 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
7 | Microsoft Defender SmartScreen security vulnerability | CNNVD-202303-1034 | CVE-2023-24880 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880 |
This update includes patches for 8 vulnerabilities from other vendors that affect Microsoft products: 7 high and 1 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
1 | Git path traversal vulnerability | CNNVD-202304-2045 | CVE-2023-25652 | High | github | https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx |
2 | Autodesk FBX-SDK buffer error vulnerability | CNNVD-202304-1342 | CVE-2023-27909 | High | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
3 | Autodesk FBX-SDK buffer error vulnerability | CNNVD-202304-1343 | CVE-2023-27910 | High | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
4 | Autodesk FBX-SDK buffer error vulnerability | CNNVD-202304-1347 | CVE-2023-27911 | High | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
5 | Git injection vulnerability | CNNVD-202304-2063 | CVE-2023-29007 | High | github | https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 |
6 | Git for Windows code issue vulnerability | CNNVD-202304-2061 | CVE-2023-29011 | High | github | https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm |
7 | Git for Windows code issue vulnerability | CNNVD-202304-2059 | CVE-2023-29012 | High | github | https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g |
8 | Git for Windows format string error vulnerability | CNNVD-202304-2046 | CVE-2023-25815 | Low | github | https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8 |
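III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities above. Users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible. Microsoft's official patch download address: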
https://msrc.microsoft.com/update-guide/en-us
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn