CNNVD 通报微软多个安全漏洞
责编:gltian |2023-06-16 15:14:39近日,CNNVD(国家信息安全漏洞库)正式通报微软多个安全漏洞,其中微软产品本身漏洞77个,影响到微软产品的其他厂商漏洞8个。包括Microsoft SharePoint 安全漏洞(CNNVD-202306-940、CVE-2023-29357)、Microsoft Windows PGM 安全漏洞(CNNVD-202306-959、CVE-2023-29363)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍2023年6月13日,微软发布了2023年6月份安全更新,共85个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Visual Studio和Microsoft .NET、Microsoft Visual Studio和Microsoft、Microsoft Windows iSCSI、Microsoft Windows Hyper-V、Microsoft Windows Bus Filter Driver等。CNNVD对其危害等级进行了评价,其中超危漏洞4个,高危漏洞54个,中危漏洞24个,低危漏洞3个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情此次更新共包括70个新增漏洞的补丁程序,其中超危漏洞4个,高危漏洞43个,中危漏洞21个,低危漏洞2个。
| 序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
| 1 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-940 | CVE-2023-29357 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 |
| 2 | Microsoft Windows PGM 安全漏洞 | CNNVD-202306-959 | CVE-2023-29363 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29363 |
| 3 | Microsoft Windows PGM 安全漏洞 | CNNVD-202306-993 | CVE-2023-32014 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014 |
| 4 | Microsoft Windows PGM 安全漏洞 | CNNVD-202306-995 | CVE-2023-32015 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32015 |
| 5 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202306-921 | CVE-2023-21565 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565 |
| 6 | Microsoft Visual Studio和Microsoft .NET安全漏洞 | CNNVD-202306-924 | CVE-2023-24895 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 |
| 7 | Microsoft Visual Studio和Microsoft .NET安全漏洞 | CNNVD-202306-908 | CVE-2023-24897 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 |
| 8 | 多款Microsoft产品安全漏洞 | CNNVD-202306-853 | CVE-2023-24936 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 |
| 9 | Microsoft Exchange Server 安全漏洞 | CNNVD-202306-904 | CVE-2023-28310 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310 |
| 10 | Microsoft .NET Framework安全漏洞 | CNNVD-202306-918 | CVE-2023-29326 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326 |
| 11 | Microsoft .NET Core安全漏洞 | CNNVD-202306-854 | CVE-2023-29331 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 |
| 12 | Microsoft Windows NTFS 安全漏洞 | CNNVD-202306-938 | CVE-2023-29346 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29346 |
| 13 | Microsoft Windows Group Policy 安全漏洞 | CNNVD-202306-942 | CVE-2023-29351 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29351 |
| 14 | Microsoft Windows GDI+ 安全漏洞 | CNNVD-202306-947 | CVE-2023-29358 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29358 |
| 15 | Microsoft Windows GDI+ 安全漏洞 | CNNVD-202306-949 | CVE-2023-29359 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 |
| 16 | Microsoft Windows TPM Device Driver 安全漏洞 | CNNVD-202306-954 | CVE-2023-29360 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 |
| 17 | Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 | CNNVD-202306-953 | CVE-2023-29361 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29361 |
| 18 | Microsoft Remote Desktop Client 安全漏洞 | CNNVD-202306-952 | CVE-2023-29362 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29362 |
| 19 | Microsoft Windows Authentication 安全漏洞 | CNNVD-202306-958 | CVE-2023-29364 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29364 |
| 20 | Microsoft Windows Media Foundation 安全漏洞 | CNNVD-202306-961 | CVE-2023-29365 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29365 |
| 21 | Microsoft Windows Geolocation Service 安全漏洞 | CNNVD-202306-963 | CVE-2023-29366 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29366 |
| 22 | Microsoft iSCSI Target WMI Provider 安全漏洞 | CNNVD-202306-965 | CVE-2023-29367 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29367 |
| 23 | Microsoft Windows Filtering 安全漏洞 | CNNVD-202306-967 | CVE-2023-29368 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29368 |
| 24 | Microsoft Windows Media Foundation 安全漏洞 | CNNVD-202306-972 | CVE-2023-29370 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29370 |
| 25 | Microsoft Windows GDI+ 安全漏洞 | CNNVD-202306-976 | CVE-2023-29371 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29371 |
| 26 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202306-978 | CVE-2023-29372 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29372 |
| 27 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202306-975 | CVE-2023-29373 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29373 |
| 28 | Microsoft Windows Resilient File System (ReFS) 安全漏洞 | CNNVD-202306-932 | CVE-2023-32008 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32008 |
| 29 | Microsoft Windows Collaborative Translation Framework 安全漏洞 | CNNVD-202306-930 | CVE-2023-32009 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32009 |
| 30 | Microsoft Windows Bus Filter Driver 安全漏洞 | CNNVD-202306-971 | CVE-2023-32010 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32010 |
| 31 | Microsoft Windows iSCSI 安全漏洞 | CNNVD-202306-986 | CVE-2023-32011 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32011 |
| 32 | Microsoft PostScript Printer Driver 安全漏洞 | CNNVD-202306-1000 | CVE-2023-32017 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32017 |
| 33 | Microsoft Windows Hello 安全漏洞 | CNNVD-202306-1002 | CVE-2023-32018 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32018 |
| 34 | Microsoft Windows SMB Server 安全漏洞 | CNNVD-202306-1016 | CVE-2023-32021 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32021 |
| 35 | Microsoft Windows Server 安全漏洞 | CNNVD-202306-1019 | CVE-2023-32022 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32022 |
| 36 | Microsoft Excel 安全漏洞 | CNNVD-202306-913 | CVE-2023-32029 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32029 |
| 37 | Microsoft .NET 安全漏洞 | CNNVD-202306-1023 | CVE-2023-32030 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030 |
| 38 | Microsoft Exchange Server 安全漏洞 | CNNVD-202306-915 | CVE-2023-32031 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031 |
| 39 | Microsoft .NET 安全漏洞 | CNNVD-202306-1024 | CVE-2023-33126 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126 |
| 40 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202306-861 | CVE-2023-33128 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128 |
| 41 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-1027 | CVE-2023-33130 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 |
| 42 | Microsoft Outlook 安全漏洞 | CNNVD-202306-1038 | CVE-2023-33131 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131 |
| 43 | Microsoft Excel 缓冲区错误漏洞 | CNNVD-202306-1031 | CVE-2023-33133 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33133 |
| 44 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202306-980 | CVE-2023-33135 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135 |
| 45 | Microsoft Excel 安全漏洞 | CNNVD-202306-916 | CVE-2023-33137 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137 |
| 46 | Microsoft Office 安全漏洞 | CNNVD-202306-920 | CVE-2023-33146 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33146 |
| 47 | Microsoft ASP.NET Core 安全漏洞 | CNNVD-202306-1008 | CVE-2023-33141 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141 |
| 48 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202306-922 | CVE-2023-21569 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569 |
| 49 | Microsoft Windows CryptoAPI 安全漏洞 | CNNVD-202306-910 | CVE-2023-24938 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24938 |
| 50 | Windows Remote Desktop Security 安全漏洞 | CNNVD-202306-939 | CVE-2023-29352 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352 |
| 51 | Microsoft SysInternals 安全漏洞 | CNNVD-202306-912 | CVE-2023-29353 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353 |
| 52 | Microsoft Windows DHCP Server 安全漏洞 | CNNVD-202306-944 | CVE-2023-29355 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355 |
| 53 | Microsoft Windows Remote Procedure Call Runtime 安全漏洞 | CNNVD-202306-970 | CVE-2023-29369 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29369 |
| 54 | Microsoft Windows Container Manager Service 安全漏洞 | CNNVD-202306-988 | CVE-2023-32012 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32012 |
| 55 | Microsoft Windows Hyper-V 安全漏洞 | CNNVD-202306-991 | CVE-2023-32013 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32013 |
| 56 | Microsoft Windows Installer 安全漏洞 | CNNVD-202306-996 | CVE-2023-32016 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016 |
| 57 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202306-1010 | CVE-2023-32019 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019 |
| 58 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-1029 | CVE-2023-33129 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 |
| 59 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-985 | CVE-2023-33132 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 |
| 60 | Microsoft Visual Studio 安全漏洞 | CNNVD-202306-919 | CVE-2023-33139 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 |
| 61 | Microsoft Office OneNote 安全漏洞 | CNNVD-202306-990 | CVE-2023-33140 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 |
| 62 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-998 | CVE-2023-33142 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142 |
| 63 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202306-1012 | CVE-2023-33144 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144 |
| 64 | Microsoft Edge 安全漏洞 | CNNVD-202306-1015 | CVE-2023-33145 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 |
| 65 | Microsoft Dynamics 安全漏洞 | CNNVD-202306-905 | CVE-2023-24896 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24896 |
| 66 | Microsoft Windows CryptoAPI安全漏洞 | CNNVD-202306-907 | CVE-2023-24937 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24937 |
| 67 | Microsoft NuGet Client 安全漏洞 | CNNVD-202306-856 | CVE-2023-29337 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 |
| 68 | Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞 | CNNVD-202306-858 | CVE-2023-32032 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032 |
| 69 | Microsoft Windows DNS 安全漏洞 | CNNVD-202306-1013 | CVE-2023-32020 | 低危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32020 |
| 70 | Microsoft Power Apps 安全漏洞 | CNNVD-202306-914 | CVE-2023-32024 | 低危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024 |
此次更新共包括7个更新漏洞的补丁程序,其中高危漏洞4个,中危漏洞3个。
| 序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
| 1 | Microsoft Windows Print Spooler Components 安全漏洞 | CNNVD-202107-137 | CVE-2021-34527 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 |
| 2 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202211-2288 | CVE-2022-37967 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
| 3 | Microsoft Windows Netlogon 安全漏洞 | CNNVD-202211-2274 | CVE-2022-38023 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 |
| 4 | Microsoft Excel 安全漏洞 | CNNVD-202303-1038 | CVE-2023-23398 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
| 5 | Microsoft Service Fabric 安全漏洞 | CNNVD-202303-1016 | CVE-2023-23383 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
| 6 | Microsoft Excel 资源管理错误漏洞 | CNNVD-202303-1033 | CVE-2023-23396 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
| 7 | Microsoft Defender SmartScreen 安全漏洞 | CNNVD-202303-1034 | CVE-2023-24880 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880 |
此次更新共包括8个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞7个,低危漏洞1个。
| 序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
| 1 | Git 路径遍历漏洞 | CNNVD-202304-2045 | CVE-2023-25652 | 高危 | github | https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx |
| 2 | Autodesk FBX-SDK 缓冲区错误漏洞 | CNNVD-202304-1342 | CVE-2023-27909 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
| 3 | Autodesk FBX-SDK 缓冲区错误漏洞 | CNNVD-202304-1343 | CVE-2023-27910 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
| 4 | Autodesk FBX-SDK 缓冲区错误漏洞 | CNNVD-202304-1347 | CVE-2023-27911 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
| 5 | Git 注入漏洞 | CNNVD-202304-2063 | CVE-2023-29007 | 高危 | github | https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 |
| 6 | Git for Windows 代码问题漏洞 | CNNVD-202304-2061 | CVE-2023-29011 | 高危 | github | https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm |
| 7 | Git for Windows 代码问题漏洞 | CNNVD-202304-2059 | CVE-2023-29012 | 高危 | github | https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g |
| 8 | Git for Windows 格式化字符串错误漏洞 | CNNVD-202304-2046 | CVE-2023-25815 | 低危 | github | https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
来源:CNNVD