近日,CNNVD(國家資訊安全漏洞庫)正式通報微軟多個安全漏洞,其中微軟產品本身漏洞77個,影響到微軟產品的其他廠商漏洞8個。包括Microsoft SharePoint 安全漏洞(CNNVD-202306-940、CVE-2023-29357)、Microsoft Windows PGM 安全漏洞(CNNVD-202306-959、CVE-2023-29363)等多個漏洞。成功利用上述漏洞的攻擊者可以在目標系統上執行任意程式碼、獲取使用者資料,提升許可權等。微軟多個產品和系統受漏洞影響。目前,微軟官方已經發布了漏洞修復補丁,建議使用者及時確認是否受到漏洞影響,儘快採取修補措施。
一、漏洞介紹
2023年6月13日,微軟發佈了2023年6月份安全更新,共85個漏洞的補丁程序,CNNVD對這些漏洞進行了收錄。本次更新主要涵蓋了Microsoft Windows 和 Windows 元件、Microsoft Visual Studio和Microsoft .NET、Microsoft Visual Studio和Microsoft、Microsoft Windows iSCSI、Microsoft Windows Hyper-V、Microsoft Windows Bus Filter Driver等。CNNVD對其危害等級進行了評價,其中超危漏洞4個,高危漏洞54個,中危漏洞24個,低危漏洞3個。微軟多個產品和系統版本受漏洞影響,具體影響範圍可訪問微軟官方網站查詢:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞詳情
此次更新共包括70個新增漏洞的補丁程序,其中超危漏洞4個,高危漏洞43個,中危漏洞21個,低危漏洞2個。
序號 | 漏洞名稱 | CNNVD編號 | CVE編號 | 危害等級 | 官方連結 |
1 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-940 | CVE-2023-29357 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 |
2 | Microsoft Windows PGM 安全漏洞 | CNNVD-202306-959 | CVE-2023-29363 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29363 |
3 | Microsoft Windows PGM 安全漏洞 | CNNVD-202306-993 | CVE-2023-32014 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014 |
4 | Microsoft Windows PGM 安全漏洞 | CNNVD-202306-995 | CVE-2023-32015 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32015 |
5 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202306-921 | CVE-2023-21565 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565 |
6 | Microsoft Visual Studio和Microsoft .NET安全漏洞 | CNNVD-202306-924 | CVE-2023-24895 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 |
7 | Microsoft Visual Studio和Microsoft .NET安全漏洞 | CNNVD-202306-908 | CVE-2023-24897 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 |
8 | 多款Microsoft產品安全漏洞 | CNNVD-202306-853 | CVE-2023-24936 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 |
9 | Microsoft Exchange Server 安全漏洞 | CNNVD-202306-904 | CVE-2023-28310 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310 |
10 | Microsoft .NET Framework安全漏洞 | CNNVD-202306-918 | CVE-2023-29326 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326 |
11 | Microsoft .NET Core安全漏洞 | CNNVD-202306-854 | CVE-2023-29331 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 |
12 | Microsoft Windows NTFS 安全漏洞 | CNNVD-202306-938 | CVE-2023-29346 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29346 |
13 | Microsoft Windows Group Policy 安全漏洞 | CNNVD-202306-942 | CVE-2023-29351 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29351 |
14 | Microsoft Windows GDI+ 安全漏洞 | CNNVD-202306-947 | CVE-2023-29358 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29358 |
15 | Microsoft Windows GDI+ 安全漏洞 | CNNVD-202306-949 | CVE-2023-29359 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 |
16 | Microsoft Windows TPM Device Driver 安全漏洞 | CNNVD-202306-954 | CVE-2023-29360 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 |
17 | Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 | CNNVD-202306-953 | CVE-2023-29361 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29361 |
18 | Microsoft Remote Desktop Client 安全漏洞 | CNNVD-202306-952 | CVE-2023-29362 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29362 |
19 | Microsoft Windows Authentication 安全漏洞 | CNNVD-202306-958 | CVE-2023-29364 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29364 |
20 | Microsoft Windows Media Foundation 安全漏洞 | CNNVD-202306-961 | CVE-2023-29365 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29365 |
21 | Microsoft Windows Geolocation Service 安全漏洞 | CNNVD-202306-963 | CVE-2023-29366 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29366 |
22 | Microsoft iSCSI Target WMI Provider 安全漏洞 | CNNVD-202306-965 | CVE-2023-29367 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29367 |
23 | Microsoft Windows Filtering 安全漏洞 | CNNVD-202306-967 | CVE-2023-29368 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29368 |
24 | Microsoft Windows Media Foundation 安全漏洞 | CNNVD-202306-972 | CVE-2023-29370 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29370 |
25 | Microsoft Windows GDI+ 安全漏洞 | CNNVD-202306-976 | CVE-2023-29371 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29371 |
26 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202306-978 | CVE-2023-29372 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29372 |
27 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202306-975 | CVE-2023-29373 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29373 |
28 | Microsoft Windows Resilient File System (ReFS) 安全漏洞 | CNNVD-202306-932 | CVE-2023-32008 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32008 |
29 | Microsoft Windows Collaborative Translation Framework 安全漏洞 | CNNVD-202306-930 | CVE-2023-32009 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32009 |
30 | Microsoft Windows Bus Filter Driver 安全漏洞 | CNNVD-202306-971 | CVE-2023-32010 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32010 |
31 | Microsoft Windows iSCSI 安全漏洞 | CNNVD-202306-986 | CVE-2023-32011 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32011 |
32 | Microsoft PostScript Printer Driver 安全漏洞 | CNNVD-202306-1000 | CVE-2023-32017 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32017 |
33 | Microsoft Windows Hello 安全漏洞 | CNNVD-202306-1002 | CVE-2023-32018 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32018 |
34 | Microsoft Windows SMB Server 安全漏洞 | CNNVD-202306-1016 | CVE-2023-32021 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32021 |
35 | Microsoft Windows Server 安全漏洞 | CNNVD-202306-1019 | CVE-2023-32022 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32022 |
36 | Microsoft Excel 安全漏洞 | CNNVD-202306-913 | CVE-2023-32029 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32029 |
37 | Microsoft .NET 安全漏洞 | CNNVD-202306-1023 | CVE-2023-32030 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030 |
38 | Microsoft Exchange Server 安全漏洞 | CNNVD-202306-915 | CVE-2023-32031 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031 |
39 | Microsoft .NET 安全漏洞 | CNNVD-202306-1024 | CVE-2023-33126 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126 |
40 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202306-861 | CVE-2023-33128 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128 |
41 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-1027 | CVE-2023-33130 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 |
42 | Microsoft Outlook 安全漏洞 | CNNVD-202306-1038 | CVE-2023-33131 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131 |
43 | Microsoft Excel 緩衝區錯誤漏洞 | CNNVD-202306-1031 | CVE-2023-33133 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33133 |
44 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202306-980 | CVE-2023-33135 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135 |
45 | Microsoft Excel 安全漏洞 | CNNVD-202306-916 | CVE-2023-33137 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137 |
46 | Microsoft Office 安全漏洞 | CNNVD-202306-920 | CVE-2023-33146 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33146 |
47 | Microsoft ASP.NET Core 安全漏洞 | CNNVD-202306-1008 | CVE-2023-33141 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141 |
48 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202306-922 | CVE-2023-21569 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569 |
49 | Microsoft Windows CryptoAPI 安全漏洞 | CNNVD-202306-910 | CVE-2023-24938 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24938 |
50 | Windows Remote Desktop Security 安全漏洞 | CNNVD-202306-939 | CVE-2023-29352 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352 |
51 | Microsoft SysInternals 安全漏洞 | CNNVD-202306-912 | CVE-2023-29353 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353 |
52 | Microsoft Windows DHCP Server 安全漏洞 | CNNVD-202306-944 | CVE-2023-29355 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355 |
53 | Microsoft Windows Remote Procedure Call Runtime 安全漏洞 | CNNVD-202306-970 | CVE-2023-29369 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29369 |
54 | Microsoft Windows Container Manager Service 安全漏洞 | CNNVD-202306-988 | CVE-2023-32012 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32012 |
55 | Microsoft Windows Hyper-V 安全漏洞 | CNNVD-202306-991 | CVE-2023-32013 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32013 |
56 | Microsoft Windows Installer 安全漏洞 | CNNVD-202306-996 | CVE-2023-32016 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016 |
57 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202306-1010 | CVE-2023-32019 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019 |
58 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-1029 | CVE-2023-33129 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 |
59 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-985 | CVE-2023-33132 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 |
60 | Microsoft Visual Studio 安全漏洞 | CNNVD-202306-919 | CVE-2023-33139 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 |
61 | Microsoft Office OneNote 安全漏洞 | CNNVD-202306-990 | CVE-2023-33140 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 |
62 | Microsoft SharePoint 安全漏洞 | CNNVD-202306-998 | CVE-2023-33142 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142 |
63 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202306-1012 | CVE-2023-33144 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144 |
64 | Microsoft Edge 安全漏洞 | CNNVD-202306-1015 | CVE-2023-33145 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 |
65 | Microsoft Dynamics 安全漏洞 | CNNVD-202306-905 | CVE-2023-24896 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24896 |
66 | Microsoft Windows CryptoAPI安全漏洞 | CNNVD-202306-907 | CVE-2023-24937 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24937 |
67 | Microsoft NuGet Client 安全漏洞 | CNNVD-202306-856 | CVE-2023-29337 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 |
68 | Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞 | CNNVD-202306-858 | CVE-2023-32032 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032 |
69 | Microsoft Windows DNS 安全漏洞 | CNNVD-202306-1013 | CVE-2023-32020 | 低危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32020 |
70 | Microsoft Power Apps 安全漏洞 | CNNVD-202306-914 | CVE-2023-32024 | 低危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024 |
此次更新共包括7個更新漏洞的補丁程序,其中高危漏洞4個,中危漏洞3個。
序號 | 漏洞名稱 | CNNVD編號 | CVE編號 | 危害等級 | 官方連結 |
1 | Microsoft Windows Print Spooler Components 安全漏洞 | CNNVD-202107-137 | CVE-2021-34527 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 |
2 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202211-2288 | CVE-2022-37967 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
3 | Microsoft Windows Netlogon 安全漏洞 | CNNVD-202211-2274 | CVE-2022-38023 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 |
4 | Microsoft Excel 安全漏洞 | CNNVD-202303-1038 | CVE-2023-23398 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
5 | Microsoft Service Fabric 安全漏洞 | CNNVD-202303-1016 | CVE-2023-23383 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
6 | Microsoft Excel 資源管理錯誤漏洞 | CNNVD-202303-1033 | CVE-2023-23396 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
7 | Microsoft Defender SmartScreen 安全漏洞 | CNNVD-202303-1034 | CVE-2023-24880 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880 |
此次更新共包括8個影響微軟產品的其他廠商漏洞的補丁程序,其中高危漏洞7個,低危漏洞1個。
序號 | 漏洞名稱 | CNNVD編號 | CVE編號 | 危害等級 | 廠商 | 官方連結 |
1 | Git 路徑遍歷漏洞 | CNNVD-202304-2045 | CVE-2023-25652 | 高危 | github | https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx |
2 | Autodesk FBX-SDK 緩衝區錯誤漏洞 | CNNVD-202304-1342 | CVE-2023-27909 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
3 | Autodesk FBX-SDK 緩衝區錯誤漏洞 | CNNVD-202304-1343 | CVE-2023-27910 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
4 | Autodesk FBX-SDK 緩衝區錯誤漏洞 | CNNVD-202304-1347 | CVE-2023-27911 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
5 | Git 注入漏洞 | CNNVD-202304-2063 | CVE-2023-29007 | 高危 | github | https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 |
6 | Git for Windows 程式碼問題漏洞 | CNNVD-202304-2061 | CVE-2023-29011 | 高危 | github | https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm |
7 | Git for Windows 程式碼問題漏洞 | CNNVD-202304-2059 | CVE-2023-29012 | 高危 | github | https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g |
8 | Git for Windows 格式化字串錯誤漏洞 | CNNVD-202304-2046 | CVE-2023-25815 | 低危 | github | https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8 |
三、修復建議
目前,微軟官方已經發布補丁修復了上述漏洞,建議使用者及時確認漏洞影響,儘快採取修補措施。微軟官方補丁下載地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD將繼續跟蹤上述漏洞的相關情況,及時發佈相關資訊。如有需要,可與CNNVD聯繫。聯繫方式: cnnvdvul@itsec.gov.cn
文章來源:CNNVD
