近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞74个,影响到微软产品的其他厂商漏洞1个。包括Microsoft Exchange Server 安全漏洞(CNNVD-202308-737、CVE-2023-21709)、Microsoft Message Queuing 安全漏洞(CNNVD-202308-734、CVE-2023-35385)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。
目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年8月8日,微软发布了2023年8月份安全更新,共75个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Dynamics 365、Microsoft Windows Mobile Device Management、Microsoft Windows HTML Platform、Microsoft Windows Cryptographic Services、Microsoft Azure等。CNNVD对其危害等级进行了评价,其中超危漏洞4个,高危漏洞48个,中危漏洞23个。
微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括73个新增漏洞的补丁程序,其中超危漏洞4个,高危漏洞47个,中危漏洞22个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-737 |
CVE-2023-21709 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 |
|
2 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-734 |
CVE-2023-35385 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35385 |
|
3 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-693 |
CVE-2023-36910 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36910 |
|
4 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-691 |
CVE-2023-36911 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36911 |
|
5 |
Microsoft Teams 安全漏洞 |
CNNVD-202308-678 |
CVE-2023-29328 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328 |
|
6 |
Microsoft Teams 安全漏洞 |
CNNVD-202308-679 |
CVE-2023-29330 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330 |
|
7 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202308-682 |
CVE-2023-35359 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35359 |
|
8 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-683 |
CVE-2023-35368 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368 |
|
9 |
Microsoft Office 安全漏洞 |
CNNVD-202308-744 |
CVE-2023-35371 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371 |
|
10 |
Microsoft Office Visio 安全漏洞 |
CNNVD-202308-747 |
CVE-2023-35372 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372 |
|
11 |
Microsoft Projected File System 安全漏洞 |
CNNVD-202308-719 |
CVE-2023-35378 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35378 |
|
12 |
Microsoft Windows 安全漏洞 |
CNNVD-202308-718 |
CVE-2023-35379 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35379 |
|
13 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202308-720 |
CVE-2023-35380 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35380 |
|
14 |
Microsoft Windows Fax Service 安全漏洞 |
CNNVD-202308-721 |
CVE-2023-35381 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35381 |
|
15 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202308-722 |
CVE-2023-35382 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35382 |
|
16 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-724 |
CVE-2023-35383 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35383 |
|
17 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202308-739 |
CVE-2023-35386 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35386 |
|
18 |
Microsoft Windows Bluetooth A2DP driver 安全漏洞 |
CNNVD-202308-743 |
CVE-2023-35387 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35387 |
|
19 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-750 |
CVE-2023-35388 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388 |
|
20 |
Microsoft .NET和Visual Studio 安全漏洞 |
CNNVD-202308-749 |
CVE-2023-35390 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390 |
|
21 |
Microsoft ASP.NET Core和Visual Studio 安全漏洞 |
CNNVD-202308-660 |
CVE-2023-35391 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 |
|
22 |
Microsoft Office Visio 安全漏洞 |
CNNVD-202308-685 |
CVE-2023-36865 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865 |
|
23 |
Microsoft Office Visio 安全漏洞 |
CNNVD-202308-687 |
CVE-2023-36866 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866 |
|
24 |
Microsoft .NET Framework 安全漏洞 |
CNNVD-202308-659 |
CVE-2023-36873 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873 |
|
25 |
Microsoft Reliability Analysis Metrics Calculation Engine 安全漏洞 |
CNNVD-202308-692 |
CVE-2023-36876 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876 |
|
26 |
Microsoft OLE DB Provider for SQL Server 安全漏洞 |
CNNVD-202308-694 |
CVE-2023-36882 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36882 |
|
27 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202308-710 |
CVE-2023-36891 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891 |
|
28 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202308-714 |
CVE-2023-36892 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892 |
|
29 |
Microsoft Outlook 安全漏洞 |
CNNVD-202308-713 |
CVE-2023-36895 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36895 |
|
30 |
Microsoft Excel 安全漏洞 |
CNNVD-202308-707 |
CVE-2023-36896 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36896 |
|
31 |
Microsoft Visual Studio 安全漏洞 |
CNNVD-202308-706 |
CVE-2023-36897 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 |
|
32 |
Microsoft Tablet Windows User Interface 安全漏洞 |
CNNVD-202308-702 |
CVE-2023-36898 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898 |
|
33 |
Microsoft ASP.NET Core 安全漏洞 |
CNNVD-202308-658 |
CVE-2023-36899 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899 |
|
34 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202308-705 |
CVE-2023-36900 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36900 |
|
35 |
Microsoft Windows System Assessment Tool 安全漏洞 |
CNNVD-202308-703 |
CVE-2023-36903 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36903 |
|
36 |
Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 |
CNNVD-202308-704 |
CVE-2023-36904 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36904 |
|
37 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-690 |
CVE-2023-36912 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36912 |
|
38 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202308-684 |
CVE-2023-38154 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38154 |
|
39 |
Microsoft Dynamics Business Central 安全漏洞 |
CNNVD-202308-681 |
CVE-2023-38167 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167 |
|
40 |
Microsoft OLE DB Provider for SQL Server 安全漏洞 |
CNNVD-202308-701 |
CVE-2023-38169 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 |
|
41 |
Microsoft HEVC Video Extensions 安全漏洞 |
CNNVD-202308-676 |
CVE-2023-38170 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38170 |
|
42 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-677 |
CVE-2023-38172 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38172 |
|
43 |
Microsoft Windows Defender 安全漏洞 |
CNNVD-202308-675 |
CVE-2023-38175 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175 |
|
44 |
Microsoft Azure Arc 安全漏洞 |
CNNVD-202308-674 |
CVE-2023-38176 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38176 |
|
45 |
Microsoft .NET Core和Visual Studio 安全漏洞 |
CNNVD-202308-673 |
CVE-2023-38178 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178 |
|
46 |
Microsoft .NET和Visual Studio 安全漏洞 |
CNNVD-202308-657 |
CVE-2023-38180 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180 |
|
47 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-672 |
CVE-2023-38181 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181 |
|
48 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-671 |
CVE-2023-38182 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182 |
|
49 |
Microsoft Lightweight Directory Access Protocol 安全漏洞 |
CNNVD-202308-670 |
CVE-2023-38184 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38184 |
|
50 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-669 |
CVE-2023-38185 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185 |
|
51 |
Microsoft Windows Mobile Device Management 安全漏洞 |
CNNVD-202308-668 |
CVE-2023-38186 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38186 |
|
52 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-711 |
CVE-2023-35376 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35376 |
|
53 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-716 |
CVE-2023-35377 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35377 |
|
54 |
Microsoft Windows HTML Platform 安全漏洞 |
CNNVD-202308-725 |
CVE-2023-35384 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35384 |
|
55 |
Microsoft Dynamics 365 安全漏洞 |
CNNVD-202308-746 |
CVE-2023-35389 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35389 |
|
56 |
Microsoft Azure 安全漏洞 |
CNNVD-202308-748 |
CVE-2023-35393 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35393 |
|
57 |
Microsoft Azure 安全漏洞 |
CNNVD-202308-745 |
CVE-2023-35394 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35394 |
|
58 |
Microsoft Azure DevOps Server 安全漏洞 |
CNNVD-202308-689 |
CVE-2023-36869 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869 |
|
59 |
Microsoft Azure 安全漏洞 |
CNNVD-202308-717 |
CVE-2023-36877 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36877 |
|
60 |
Microsoft Azure 安全漏洞 |
CNNVD-202308-715 |
CVE-2023-36881 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36881 |
|
61 |
Microsoft Windows Group Policy 安全漏洞 |
CNNVD-202308-697 |
CVE-2023-36889 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36889 |
|
62 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202308-712 |
CVE-2023-36890 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890 |
|
63 |
Microsoft Outlook 安全漏洞 |
CNNVD-202308-709 |
CVE-2023-36893 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893 |
|
64 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202308-708 |
CVE-2023-36894 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894 |
|
65 |
Microsoft Windows Wireless Networking 安全漏洞 |
CNNVD-202308-700 |
CVE-2023-36905 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36905 |
|
66 |
Microsoft Windows Cryptographic Services 安全漏洞 |
CNNVD-202308-699 |
CVE-2023-36906 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36906 |
|
67 |
Microsoft Windows Cryptographic Services 安全漏洞 |
CNNVD-202308-698 |
CVE-2023-36907 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36907 |
|
68 |
Microsoft Hyper-V 安全漏洞 |
CNNVD-202308-696 |
CVE-2023-36908 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36908 |
|
69 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-695 |
CVE-2023-36909 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36909 |
|
70 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-688 |
CVE-2023-36913 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36913 |
|
71 |
Microsoft Windows Windows Smart Card Resource Management Server 安全漏洞 |
CNNVD-202308-686 |
CVE-2023-36914 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36914 |
|
72 |
Microsoft Azure 安全漏洞 |
CNNVD-202308-667 |
CVE-2023-38188 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38188 |
|
73 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202308-666 |
CVE-2023-38254 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38254 |
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Microsoft Office 安全漏洞 |
CNNVD-202307-797 |
CVE-2023-36884 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 |
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
|
1 |
AMD CPUs 安全漏洞 |
CNNVD-202308-733 |
CVE-2023-20569 |
中危 |
AMD |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-20569 |
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。
微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
转载自:CNNVD
原文始发于微信公众号(网络威胁数据联盟):关于微软多个安全漏洞的通报
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论