扫码订阅《中国信息安全》杂志
权威刊物 重要平台 关键渠道
邮发代号 2-786
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞109个,影响到微软产品的其他厂商漏洞2个。包括Microsoft Windows Network File System 代码注入漏洞(CNNVD-202204-3112、CVE-2022-24491)、Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞(CNNVD-202204-3019、CVE-2022-26809)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2022年4月13日,微软发布了2022年4月份安全更新,共111个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows组件、Microsoft Windows SMB Server、MicrosoftWindows App Store、Microsoft .NET等。CNNVD对其危害等级进行了评价,其中超危漏洞2个,高危漏洞60个,中危漏洞49个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括108个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞59个,中危漏洞47个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Microsoft Windows Network File System 代码注入漏洞 |
CNNVD-202204-3112 |
CVE-2022-24491 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491 |
|
2 |
Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 |
CNNVD-202204-3019 |
CVE-2022-26809 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809 |
|
3 |
Microsoft Dynamics 输入验证错误漏洞 |
CNNVD-202204-3184 |
CVE-2022-23259 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23259 |
|
4 |
Microsoft Office 代码注入漏洞 |
CNNVD-202204-3104 |
CVE-2022-24473 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473 |
|
5 |
Microsoft Win32K 权限许可和访问控制问题漏洞 |
CNNVD-202204-3107 |
CVE-2022-24474 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24474 |
|
6 |
Microsoft Windows Common Log File System Driver 权限许可和访问控制问题漏洞 |
CNNVD-202204-3200 |
CVE-2022-24481 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24481 |
|
7 |
Microsoft Windows SMB Server 代码注入漏洞 |
CNNVD-202204-3109 |
CVE-2022-24485 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24485 |
|
8 |
Microsoft Kerberos for Windows 权限许可和访问控制问题漏洞 |
CNNVD-202204-3201 |
CVE-2022-24486 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24486 |
|
9 |
Microsoft Windows Local Security Authority Subsystem Service 输入验证错误漏洞 |
CNNVD-202204-3196 |
CVE-2022-24487 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24487 |
|
10 |
Microsoft Windows 权限许可和访问控制问题漏洞 |
CNNVD-202204-3189 |
CVE-2022-24489 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24489 |
|
11 |
Microsoft Hyper-V 信息泄露漏洞 |
CNNVD-202204-3119 |
CVE-2022-24490 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24490 |
|
12 |
Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 |
CNNVD-202204-3113 |
CVE-2022-24492 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492 |
|
13 |
Microsoft Windows Local Security Authority Subsystem Service 权限许可和访问控制问题漏洞 |
CNNVD-202204-3136 |
CVE-2022-24496 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24496 |
|
14 |
Microsoft Windows SMB Server 输入验证错误漏洞 |
CNNVD-202204-3116 |
CVE-2022-24500 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24500 |
|
15 |
Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 |
CNNVD-202204-3110 |
CVE-2022-24528 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528 |
|
16 |
Microsoft Windows Codecs Library 输入验证错误漏洞 |
CNNVD-202204-3186 |
CVE-2022-24532 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24532 |
|
17 |
Microsoft Windows rdp 代码注入漏洞 |
CNNVD-202204-3100 |
CVE-2022-24533 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24533 |
|
18 |
Microsoft Windows SMB Server 安全漏洞 |
CNNVD-202204-3099 |
CVE-2022-24534 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24534 |
|
19 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-3098 |
CVE-2022-24536 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24536 |
|
20 |
Microsoft Hyper-V 安全漏洞 |
CNNVD-202204-3097 |
CVE-2022-24537 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24537 |
|
21 |
Microsoft Hyper-V 信息泄露漏洞 |
CNNVD-202204-3095 |
CVE-2022-24539 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24539 |
|
22 |
Microsoft Windows ALPC 竞争条件问题漏洞 |
CNNVD-202204-3088 |
CVE-2022-24540 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24540 |
|
23 |
Microsoft Windows SMB Server 输入验证错误漏洞 |
CNNVD-202204-3087 |
CVE-2022-24541 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24541 |
|
24 |
Microsoft Windows 输入验证错误漏洞 |
CNNVD-202204-3126 |
CVE-2022-24543 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24543 |
|
25 |
Microsoft Kerberos for Windows 权限许可和访问控制问题漏洞 |
CNNVD-202204-3085 |
CVE-2022-24544 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24544 |
|
26 |
Microsoft Windows输入验证错误漏洞 |
CNNVD-202204-3084 |
CVE-2022-24545 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24545 |
|
27 |
Microsoft Windows AppX Deployment Extensions权限许可和访问控制问题漏洞 |
CNNVD-202204-3072 |
CVE-2022-24549 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24549 |
|
28 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3054 |
CVE-2022-26789 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26789 |
|
29 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3050 |
CVE-2022-26790 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26790 |
|
30 |
Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 |
CNNVD-202204-3052 |
CVE-2022-26791 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26791 |
|
31 |
Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 |
CNNVD-202204-3045 |
CVE-2022-26792 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26792 |
|
32 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3042 |
CVE-2022-26795 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26795 |
|
33 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3041 |
CVE-2022-26796 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26796 |
|
34 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3033 |
CVE-2022-26797 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26797 |
|
35 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3032 |
CVE-2022-26798 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26798 |
|
36 |
Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 |
CNNVD-202204-3031 |
CVE-2022-26801 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26801 |
|
37 |
Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 |
CNNVD-202204-3030 |
CVE-2022-26802 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26802 |
|
38 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3029 |
CVE-2022-26803 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26803 |
|
39 |
Microsoft Windows Work Folder Service 竞争条件问题漏洞 |
CNNVD-202204-3021 |
CVE-2022-26807 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26807 |
|
40 |
Microsoft Windows File Explorer 权限许可和访问控制问题漏洞 |
CNNVD-202204-3020 |
CVE-2022-26808 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26808 |
|
41 |
Microsoft Windows File Explorer权限许可和访问控制问题漏洞 |
CNNVD-202204-3018 |
CVE-2022-26810 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26810 |
|
42 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-3017 |
CVE-2022-26811 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26811 |
|
43 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-3015 |
CVE-2022-26812 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26812 |
|
44 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-3006 |
CVE-2022-26813 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26813 |
|
45 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-3004 |
CVE-2022-26815 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26815 |
|
46 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2989 |
CVE-2022-26823 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26823 |
|
47 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2986 |
CVE-2022-26824 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26824 |
|
48 |
Microsoft Windows SMB Server 输入验证错误漏洞 |
CNNVD-202204-3055 |
CVE-2022-26830 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26830 |
|
49 |
Microsoft Lightweight Directory Access Protocol 输入验证错误漏洞 |
CNNVD-202204-2965 |
CVE-2022-26831 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26831 |
|
50 |
Microsoft .NET Framework输入验证错误漏洞 |
CNNVD-202204-3008 |
CVE-2022-26832 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26832 |
|
51 |
Microsoft Azure Site Recovery 输入验证错误漏洞 |
CNNVD-202204-3220 |
CVE-2022-26898 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26898 |
|
52 |
Microsoft Office 代码注入漏洞 |
CNNVD-202204-3106 |
CVE-2022-26901 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901 |
|
53 |
Microsoft Graphics Components 输入验证错误漏洞 |
CNNVD-202204-3066 |
CVE-2022-26903 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26903 |
|
54 |
Microsoft Windows 竞争条件问题漏洞 |
CNNVD-202204-2936 |
CVE-2022-26904 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904 |
|
55 |
Microsoft Windows 输入验证错误漏洞 |
CNNVD-202204-2953 |
CVE-2022-26915 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26915 |
|
56 |
Microsoft Windows Fax services 输入验证错误漏洞 |
CNNVD-202204-2948 |
CVE-2022-26916 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26916 |
|
57 |
Microsoft Windows Fax services输入验证错误漏洞 |
CNNVD-202204-2949 |
CVE-2022-26917 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26917 |
|
58 |
Microsoft Windows Fax services输入验证错误漏洞 |
CNNVD-202204-2950 |
CVE-2022-26918 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26918 |
|
59 |
Microsoft Lightweight Directory Access Protocol 输入验证错误漏洞 |
CNNVD-202204-2946 |
CVE-2022-26919 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26919 |
|
60 |
Microsoft Visual Studio 安全漏洞 |
CNNVD-202204-3290 |
CVE-2022-26921 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26921 |
|
61 |
Microsoft YARP reverse proxy 安全漏洞 |
CNNVD-202204-3292 |
CVE-2022-26924 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26924 |
|
62 |
Microsoft Office 安全漏洞 |
CNNVD-202204-3194 |
CVE-2022-24472 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472 |
|
63 |
Microsoft Windows Feedback Hub 权限许可和访问控制问题漏洞 |
CNNVD-202204-3198 |
CVE-2022-24479 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24479 |
|
64 |
Microsoft Windows Kernel 信息泄露漏洞 |
CNNVD-202204-3188 |
CVE-2022-24483 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24483 |
|
65 |
Microsoft Windows 输入验证错误漏洞 |
CNNVD-202204-3108 |
CVE-2022-24484 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24484 |
|
66 |
Microsoft Windows App Store 权限许可和访问控制问题漏洞 |
CNNVD-202204-3192 |
CVE-2022-24488 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24488 |
|
67 |
Microsoft Local Security Authority Server 信息泄露漏洞 |
CNNVD-202204-3130 |
CVE-2022-24493 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24493 |
|
68 |
Microsoft Windows Ancillary Function Driver for WinSock 权限许可和访问控制问题漏洞 |
CNNVD-202204-3128 |
CVE-2022-24494 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24494 |
|
69 |
Microsoft Windows Media Foundation 输入验证错误漏洞 |
CNNVD-202204-3123 |
CVE-2022-24495 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24495 |
|
70 |
Microsoft Windows 信息泄露漏洞 |
CNNVD-202204-3121 |
CVE-2022-24498 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24498 |
|
71 |
Microsoft Windows Installer 权限许可和访问控制问题漏洞 |
CNNVD-202204-3117 |
CVE-2022-24499 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24499 |
|
72 |
Microsoft Windows 权限许可和访问控制问题漏洞 |
CNNVD-202204-3114 |
CVE-2022-24527 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24527 |
|
73 |
Microsoft Windows Installer 权限许可和访问控制问题漏洞 |
CNNVD-202204-3105 |
CVE-2022-24530 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24530 |
|
74 |
Microsoft Windows Cluster Shared Volume 输入验证错误漏洞 |
CNNVD-202204-3096 |
CVE-2022-24538 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24538 |
|
75 |
Microsoft Win32K 权限许可和访问控制问题漏洞 |
CNNVD-202204-3086 |
CVE-2022-24542 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24542 |
|
76 |
Microsoft DWM Core Library 权限许可和访问控制问题漏洞 |
CNNVD-202204-3083 |
CVE-2022-24546 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24546 |
|
77 |
Microsoft Windows 权限许可和访问控制问题漏洞 |
CNNVD-202204-3073 |
CVE-2022-24547 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24547 |
|
78 |
Microsoft Windows Defender 输入验证错误漏洞 |
CNNVD-202204-3203 |
CVE-2022-24548 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24548 |
|
79 |
Microsoft Windows权限许可和访问控制问题漏洞 |
CNNVD-202204-3071 |
CVE-2022-24550 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24550 |
|
80 |
Git for Windows 代码问题漏洞 |
CNNVD-202204-3058 |
CVE-2022-24767 |
中危 |
https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3 |
|
81 |
Microsoft Hyper-V信息泄露漏洞 |
CNNVD-202204-3070 |
CVE-2022-26783 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26783 |
|
82 |
Microsoft Windows Cluster Shared Volume输入验证错误漏洞 |
CNNVD-202204-3069 |
CVE-2022-26784 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26784 |
|
83 |
Microsoft Hyper-V 信息泄露漏洞 |
CNNVD-202204-3068 |
CVE-2022-26785 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26785 |
|
84 |
Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 |
CNNVD-202204-3053 |
CVE-2022-26786 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26786 |
|
85 |
Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 |
CNNVD-202204-3067 |
CVE-2022-26787 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26787 |
|
86 |
Microsoft PowerShell Utility 权限许可和访问控制问题漏洞 |
CNNVD-202204-3062 |
CVE-2022-26788 |
中危 |
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26788 |
|
87 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3044 |
CVE-2022-26793 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26793 |
|
88 |
Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 |
CNNVD-202204-3043 |
CVE-2022-26794 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26794 |
|
89 |
Microsoft Windows Active Directory 代码注入漏洞 |
CNNVD-202204-3005 |
CVE-2022-26814 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26814 |
|
90 |
Microsoft DNS Server 信息泄露漏洞 |
CNNVD-202204-3007 |
CVE-2022-26816 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26816 |
|
91 |
Microsoft Windows Active Directory 代码注入漏洞 |
CNNVD-202204-3002 |
CVE-2022-26817 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26817 |
|
92 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-3003 |
CVE-2022-26818 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26818 |
|
93 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2992 |
CVE-2022-26819 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26819 |
|
94 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2991 |
CVE-2022-26820 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26820 |
|
95 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2990 |
CVE-2022-26821 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26821 |
|
96 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2988 |
CVE-2022-26822 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26822 |
|
97 |
Microsoft DNS Server代码注入漏洞 |
CNNVD-202204-2971 |
CVE-2022-26825 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26825 |
|
98 |
Microsoft DNS Server 代码注入漏洞 |
CNNVD-202204-2972 |
CVE-2022-26826 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26826 |
|
99 |
Microsoft Windows File Server 竞争条件问题漏洞 |
CNNVD-202204-2970 |
CVE-2022-26827 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26827 |
|
100 |
Microsoft Bluetooth Driver 竞争条件问题漏洞 |
CNNVD-202204-2969 |
CVE-2022-26828 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26828 |
|
101 |
Microsoft DNS Server代码注入漏洞 |
CNNVD-202204-2968 |
CVE-2022-26829 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26829 |
|
102 |
Microsoft Azure Site Recovery 信息泄露漏洞 |
CNNVD-202204-3222 |
CVE-2022-26896 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896 |
|
103 |
Microsoft Azure Site Recovery 信息泄露漏洞 |
CNNVD-202204-3218 |
CVE-2022-26897 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26897 |
|
104 |
Microsoft Azure SDK 信息泄露漏洞 |
CNNVD-202204-3252 |
CVE-2022-26907 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26907 |
|
105 |
Microsoft Skype 安全漏洞 |
CNNVD-202204-3074 |
CVE-2022-26910 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26910 |
|
106 |
Microsoft Skype for Business Server 信息泄露漏洞 |
CNNVD-202204-3195 |
CVE-2022-26911 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26911 |
|
107 |
Microsoft Win32k 权限许可和访问控制问题漏洞 |
CNNVD-202204-2956 |
CVE-2022-26914 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26914 |
|
108 |
Microsoft Graphics Components 信息泄露漏洞 |
CNNVD-202204-2976 |
CVE-2022-26920 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26920 |
此次更新共包括1个更新漏洞的补丁程序,其中高危漏洞1个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Microsoft Visual Studio 权限许可和访问控制问题漏洞 |
CNNVD-202112-1181 |
CVE-2021-43877 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43877 |
此次更新共包括2个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞2个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
|
1 |
Google brotli Library 缓冲区错误漏洞 |
CNNVD-202009-910 |
CVE-2020-8927 |
中危 |
|
https://github.com/google/brotli/releases/tag/v1.0 |
|
2 |
Git for Windows 代码问题漏洞 |
CNNVD-202204-2943 |
CVE-2022-24765 |
中危 |
个人开发者 |
https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: [email protected]
(来源:CNNVD)
更多信息安全资讯
请关注“中国信息安全”
原文始发于微信公众号(中国信息安全):CNNVD | 关于微软多个安全漏洞的通报
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论