点击上方蓝字关注我们
在微软2023年6月的补丁星期二中,安全更新共修复了78个漏洞,其中包括38个远程代码执行漏洞。
虽然修复了38个远程代码执行漏洞中,但只有6个漏洞被微软评为“严重”漏洞,类别包括拒绝服务攻击、远程代码执行和权限提升。
-
17个特权提升漏洞 -
3个安全功能绕过漏洞 -
32个远程代码执行漏 -
5个信息披露漏洞 -
10个拒绝服务漏洞 -
10个欺骗漏洞 -
1个Edge漏洞-Chromium
值得关注的漏洞
CVE-2023-23957
微软修复了Microsoft SharePoint中的一个权限提升漏洞,该漏洞可能使攻击者能够获得其他用户(包括管理员)的权限。
微软在公告中写道:“获得伪造JWT身份验证令牌访问权限的攻击者可以使用它们执行网络攻击,从而绕过身份验证,并允许他们获得已验证用户的权限。”
虽然微软报告称该漏洞被积极利用,但并没有说明它是如何被滥用的细节。
微软称是StarLabs SG的Jang (Nguyễn Tiến Giang) 发现了该漏洞。
CVE-2023-32031
这是一个允许通过身份验证的远程代码执行的Microsoft Exchange漏洞。
微软的公告中写道,“此漏洞的攻击者可以在任意或远程代码执行中以服务器帐户为目标。作为经过身份验证的用户,攻击者可以尝试通过网络调用在服务器帐户的上下文中触发恶意代码,”
微软还针对允许攻击者能够使用恶意编制的Excel和OneNote文档执行远程代码的漏洞发布了许多Microsoft Office更新。
这些漏洞被跟踪为CVE-2023-33133(Excel)、CVE-2023-3 3133(Excel)、CVE-023-3137(Excel),CVE-202323140(OneNote)和CVE-20233-3131(Outlook)。
OneNote和Outlook漏洞需要用户单击恶意文件或电子邮件中的链接来触发。
2023年6月的周二补丁安全更新
下面是2023年6月补丁星期二更新中已解决的漏洞和已发布公告的完整列表。
|
标签 |
CVE编号 |
漏洞名称 |
严重程度 |
|
.NET and Visual Studio |
CVE-2023-24895 |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
高危 |
|
.NET and Visual Studio |
CVE-2023-33126 |
.NET and Visual Studio Remote Code Execution Vulnerability |
高危 |
|
.NET and Visual Studio |
CVE-2023-24936 |
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
中危 |
|
.NET and Visual Studio |
CVE-2023-33135 |
.NET and Visual Studio Elevation of Privilege Vulnerability |
高危 |
|
.NET and Visual Studio |
CVE-2023-32032 |
.NET and Visual Studio Elevation of Privilege Vulnerability |
高危 |
|
.NET and Visual Studio |
CVE-2023-32030 |
.NET and Visual Studio Denial of Service Vulnerability |
高危 |
|
.NET and Visual Studio |
CVE-2023-33128 |
.NET and Visual Studio Remote Code Execution Vulnerability |
高危 |
|
.NET and Visual Studio |
CVE-2023-24897 |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
严重 |
|
.NET Core |
CVE-2023-29331 |
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability |
高危 |
|
.NET Framework |
CVE-2023-29326 |
.NET Framework Remote Code Execution Vulnerability |
高危 |
|
ASP .NET |
CVE-2023-33141 |
Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability |
高危 |
|
Azure DevOps |
CVE-2023-21569 |
Azure DevOps Server Spoofing Vulnerability |
高危 |
|
Azure DevOps |
CVE-2023-21565 |
Azure DevOps Server Spoofing Vulnerability |
高危 |
|
Microsoft Dynamics |
CVE-2023-24896 |
Dynamics 365 Finance Spoofing Vulnerability |
高危 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2941 |
Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-33145 |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
高危 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2937 |
Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2936 |
Chromium: CVE-2023-2936 Type Confusion in V8 |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2935 |
Chromium: CVE-2023-2935 Type Confusion in V8 |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2940 |
Chromium: CVE-2023-2940 Inappropriate implementation in Downloads |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2939 |
Chromium: CVE-2023-2939 Insufficient data validation in Installer |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2938 |
Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2931 |
Chromium: CVE-2023-2931 Use after free in PDF |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2930 |
Chromium: CVE-2023-2930 Use after free in Extensions |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2929 |
Chromium: CVE-2023-2929 Out of bounds write in Swiftshader |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2934 |
Chromium: CVE-2023-2934 Out of bounds memory access in Mojo |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2933 |
Chromium: CVE-2023-2933 Use after free in PDF |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-2932 |
Chromium: CVE-2023-2932 Use after free in PDF |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-3079 |
Chromium: CVE-2023-3079 Type Confusion in V8 |
未知 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-29345 |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
低危 |
|
Microsoft Edge (Chromium-based) |
CVE-2023-33143 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
中危 |
|
Microsoft Exchange Server |
CVE-2023-32031 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
高危 |
|
Microsoft Exchange Server |
CVE-2023-28310 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
高危 |
|
Microsoft Office |
CVE-2023-33146 |
Microsoft Office Remote Code Execution Vulnerability |
高危 |
|
Microsoft Office Excel |
CVE-2023-33133 |
Microsoft Excel Remote Code Execution Vulnerability |
高危 |
|
Microsoft Office Excel |
CVE-2023-32029 |
Microsoft Excel Remote Code Execution Vulnerability |
高危 |
|
Microsoft Office Excel |
CVE-2023-33137 |
Microsoft Excel Remote Code Execution Vulnerability |
高危 |
|
Microsoft Office OneNote |
CVE-2023-33140 |
Microsoft OneNote Spoofing Vulnerability |
高危 |
|
Microsoft Office Outlook |
CVE-2023-33131 |
Microsoft Outlook Remote Code Execution Vulnerability |
高危 |
|
Microsoft Office SharePoint |
CVE-2023-33142 |
Microsoft SharePoint Server Elevation of Privilege Vulnerability |
高危 |
|
Microsoft Office SharePoint |
CVE-2023-33129 |
Microsoft SharePoint Denial of Service Vulnerability |
高危 |
|
Microsoft Office SharePoint |
CVE-2023-33130 |
Microsoft SharePoint Server Spoofing Vulnerability |
高危 |
|
Microsoft Office SharePoint |
CVE-2023-33132 |
Microsoft SharePoint Server Spoofing Vulnerability |
高危 |
|
Microsoft Office SharePoint |
CVE-2023-29357 |
Microsoft SharePoint Server Elevation of Privilege Vulnerability |
严重 |
|
Microsoft Power Apps |
CVE-2023-32024 |
Microsoft Power Apps Spoofing Vulnerability |
高危 |
|
Microsoft Printer Drivers |
CVE-2023-32017 |
Microsoft PostScript Printer Driver Remote Code Execution Vulnerability |
高危 |
|
Microsoft WDAC OLE DB provider for SQL |
CVE-2023-29372 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
高危 |
|
Microsoft Windows Codecs Library |
CVE-2023-29370 |
Windows Media Remote Code Execution Vulnerability |
高危 |
|
Microsoft Windows Codecs Library |
CVE-2023-29365 |
Windows Media Remote Code Execution Vulnerability |
高危 |
|
NuGet Client |
CVE-2023-29337 |
NuGet Client Remote Code Execution Vulnerability |
高危 |
|
Remote Desktop Client |
CVE-2023-29362 |
Remote Desktop Client Remote Code Execution Vulnerability |
高危 |
|
Remote Desktop Client |
CVE-2023-29352 |
Windows Remote Desktop Security Feature Bypass Vulnerability |
高危 |
|
Role: DNS Server |
CVE-2023-32020 |
Windows DNS Spoofing Vulnerability |
高危 |
|
SysInternals |
CVE-2023-29353 |
Sysinternals Process Monitor for Windows Denial of Service Vulnerability |
低危 |
|
Visual Studio |
CVE-2023-29007 |
GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` |
高危 |
|
Visual Studio |
CVE-2023-33139 |
Visual Studio Information Disclosure Vulnerability |
高危 |
|
Visual Studio |
CVE-2023-25652 |
GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write |
高危 |
|
Visual Studio |
CVE-2023-25815 |
GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place |
高危 |
|
Visual Studio |
CVE-2023-27911 |
AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior |
高危 |
|
Visual Studio |
CVE-2023-27910 |
AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior |
高危 |
|
Visual Studio |
CVE-2023-29011 |
GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing |
高危 |
|
Visual Studio |
CVE-2023-29012 |
GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists |
高危 |
|
Visual Studio |
CVE-2023-27909 |
AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior |
高危 |
|
Visual Studio Code |
CVE-2023-33144 |
Visual Studio Code Spoofing Vulnerability |
高危 |
|
Windows Authentication Methods |
CVE-2023-29364 |
Windows Authentication Elevation of Privilege Vulnerability |
高危 |
|
Windows Bus Filter Driver |
CVE-2023-32010 |
Windows Bus Filter Driver Elevation of Privilege Vulnerability |
高危 |
|
Windows Cloud Files Mini Filter Driver |
CVE-2023-29361 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
高危 |
|
Windows Collaborative Translation Framework |
CVE-2023-32009 |
Windows Collaborative Translation Framework Elevation of Privilege Vulnerability |
高危 |
|
Windows Container Manager Service |
CVE-2023-32012 |
Windows Container Manager Service Elevation of Privilege Vulnerability |
高危 |
|
Windows CryptoAPI |
CVE-2023-24937 |
Windows CryptoAPI Denial of Service Vulnerability |
高危 |
|
Windows CryptoAPI |
CVE-2023-24938 |
Windows CryptoAPI Denial of Service Vulnerability |
高危 |
|
Windows DHCP Server |
CVE-2023-29355 |
DHCP Server Service Information Disclosure Vulnerability |
高危 |
|
Windows Filtering |
CVE-2023-29368 |
Windows Filtering Platform Elevation of Privilege Vulnerability |
高危 |
|
Windows GDI |
CVE-2023-29358 |
Windows GDI Elevation of Privilege Vulnerability |
高危 |
|
Windows Geolocation Service |
CVE-2023-29366 |
Windows Geolocation Service Remote Code Execution Vulnerability |
高危 |
|
Windows Group Policy |
CVE-2023-29351 |
Windows Group Policy Elevation of Privilege Vulnerability |
高危 |
|
Windows Hello |
CVE-2023-32018 |
Windows Hello Remote Code Execution Vulnerability |
高危 |
|
Windows Hyper-V |
CVE-2023-32013 |
Windows Hyper-V Denial of Service Vulnerability |
严重 |
|
Windows Installer |
CVE-2023-32016 |
Windows Installer Information Disclosure Vulnerability |
高危 |
|
Windows iSCSI |
CVE-2023-32011 |
Windows iSCSI Discovery Service Denial of Service Vulnerability |
高危 |
|
Windows Kernel |
CVE-2023-32019 |
Windows Kernel Information Disclosure Vulnerability |
高危 |
|
Windows NTFS |
CVE-2023-29346 |
NTFS Elevation of Privilege Vulnerability |
高危 |
|
Windows ODBC Driver |
CVE-2023-29373 |
Microsoft ODBC Driver Remote Code Execution Vulnerability |
高危 |
|
Windows OLE |
CVE-2023-29367 |
iSCSI Target WMI Provider Remote Code Execution Vulnerability |
高危 |
|
Windows PGM |
CVE-2023-29363 |
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
严重 |
|
Windows PGM |
CVE-2023-32014 |
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
严重 |
|
Windows PGM |
CVE-2023-32015 |
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
严重 |
|
Windows Remote Procedure Call Runtime |
CVE-2023-29369 |
Remote Procedure Call Runtime Denial of Service Vulnerability |
高危 |
|
Windows Resilient File System (ReFS) |
CVE-2023-32008 |
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
高危 |
|
Windows Server Service |
CVE-2023-32022 |
Windows Server Service Security Feature Bypass Vulnerability |
高危 |
|
Windows SMB |
CVE-2023-32021 |
Windows SMB Witness Service Security Feature Bypass Vulnerability |
高危 |
|
Windows TPM Device Driver |
CVE-2023-29360 |
Windows TPM Device Driver Elevation of Privilege Vulnerability |
高危 |
|
Windows Win32K |
CVE-2023-29371 |
Windows GDI Elevation of Privilege Vulnerability |
高危 |
|
Windows Win32K |
CVE-2023-29359 |
GDI Elevation of Privilege Vulnerability |
高危 |
往期推荐
原文始发于微信公众号(360漏洞研究院):行业资讯|微软2023年6月补丁星期二安全更新
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论