Microsoft发布
2022年12月14日,360CERT监测发现微软发布了2022年12月份漏洞安全更新,事件等级:严重,事件评分:10.0。
此次安全更新发布了52个漏洞的补丁,主要覆盖了以下组件:Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server;.NET framework等等。其中包含6个严重漏洞,43个高危漏洞。
漏洞描述
CVE-2022-44698 :Windows SmartScreen 安全特性绕过漏洞
组件: Windows SmartScreen
漏洞类型: 安全功能绕过
影响: 安全功能绕过
简述: 该漏洞存在于Windows SmartScreen中,可以创建一个文件,以远程逃避Web检测的标记,因此绕过了Microsoft Office中受保护视图之类的安全功能。
CVE-2022-41076: Windows PowerShell 远程代码执行漏洞
组件: Windows PowerShell
漏洞类型: 代码执行
影响: 远程代码执行
简述: 该漏洞存在于Windows PowerShell中,这个严重级别的漏洞可能允许经过身份验证的用户绕过 PowerShell 远程会话配置并在受影响的系统上运行未经批准的命令。
CVE-2022-44699: Azure Network Watcher 代理安全功能绕过漏洞
组件: Azure Network Watcher
漏洞类型: 代码执行
影响: 远程代码执行
简述: 该漏洞存在于Azure Network Watcher中,攻击者利用该漏洞可以终止来自网络监控器代理的包捕获。
CVE-2022-44713: Microsoft Outlook for Mac 欺骗漏洞
组件: Microsoft Outlook for Mac
漏洞类型: 欺骗漏洞
影响: 欺骗用户
简述: 该漏洞存在于Microsoft Outlook for Mac中,此漏洞可能允许攻击者在不应出现的情况下显示为受信任的用户。
影响范围
CVE-2022-41091
-
- Windows Server 2022 Datacenter: Azure Edition
-
- Windows Server 2022
-
- Windows Server 2019
-
- Windows Server 2016
-
- Windows 11 for x64-based Systems
-
- Windows 11 for ARM64-based Systems
-
- Windows 10 Version 22H2 for x64-based Systems
-
- Windows 10 Version 22H2 for ARM64-based Systems
-
- Windows 10 Version 22H2 for 32-bit Systems
-
- Windows 10 Version 21H2 for x64-based Systems
-
- Windows 10 Version 21H2 for ARM64-based Systems
-
- Windows 10 Version 21H2 for 32-bit Systems
-
- Windows 10 Version 21H1 for x64-based Systems
-
- Windows 10 Version 21H1 for ARM64-based Systems
-
- Windows 10 Version 21H1 for 32-bit Systems
-
- Windows 10 Version 20H2 for x64-based Systems
-
- Windows 10 Version 20H2 for ARM64-based Systems
-
- Windows 10 Version 20H2 for 32-bit Systems
-
- Windows 10 Version 1809 for x64-based Systems
-
- Windows 10 Version 1809 for ARM64-based Systems
-
- Windows 10 Version 1809 for 32-bit Systems
-
- Windows 10 Version 1607 for x64-based Systems
-
- Windows 10 Version 1607 for 32-bit Systems
CVE-2022-44713
-
- Microsoft Office LTSC for Mac 2021
-
- Microsoft Office 2019 for Mac
CVE-2022-41076
-
- Windows Server 2022 Datacenter: Azure Edition
-
- Windows Server 2022 (Server Core installation)
-
- Windows Server 2022
-
- Windows Server 2019 (Server Core installation)
-
- Windows Server 2019
-
- Windows Server 2016 (Server Core installation)
-
- Windows Server 2016
-
- Windows Server 2012 R2 (Server Core installation)
-
- Windows Server 2012 R2
-
- Windows Server 2012 (Server Core installation)
-
- Windows Server 2012
-
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
-
- Windows Server 2008 for x64-based Systems Service Pack 2
-
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
-
- Windows Server 2008 for 32-bit Systems Service Pack 2
-
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
-
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
-
- Windows RT 8.1
-
- Windows 8.1 for x64-based systems
-
- Windows 8.1 for 32-bit systems
-
- Windows 7 for x64-based Systems Service Pack 1
-
- Windows 7 for 32-bit Systems Service Pack 1
-
- Windows 11 for x64-based Systems
-
- Windows 11 for ARM64-based Systems
-
- Windows 11 Version 22H2 for x64-based Systems
-
- Windows 11 Version 22H2 for ARM64-based Systems
-
- Windows 10 for x64-based Systems
-
- Windows 10 for 32-bit Systems
-
- Windows 10 Version 22H2 for x64-based Systems
-
- Windows 10 Version 22H2 for ARM64-based Systems
-
- Windows 10 Version 22H2 for 32-bit Systems
-
- Windows 10 Version 21H2 for x64-based Systems
-
- Windows 10 Version 21H2 for ARM64-based Systems
-
- Windows 10 Version 21H2 for 32-bit Systems
-
- Windows 10 Version 21H1 for x64-based Systems
-
- Windows 10 Version 21H1 for ARM64-based Systems
-
- Windows 10 Version 21H1 for 32-bit Systems
-
- Windows 10 Version 20H2 for x64-based Systems
-
- Windows 10 Version 20H2 for ARM64-based Systems
-
- Windows 10 Version 20H2 for 32-bit Systems
-
- Windows 10 Version 1809 for x64-based Systems
-
- Windows 10 Version 1809 for ARM64-based Systems
-
- Windows 10 Version 1809 for 32-bit Systems
-
- Windows 10 Version 1607 for x64-based Systems
-
- Windows 10 Version 1607 for 32-bit Systems
-
- PowerShell 7.3
-
- PowerShell 7.2
CVE-2022-44699
-
- Azure Network Watcher VM Extension
修复建议
官方已发布漏洞修复更新,鼎信安全建议您及时升级至安全版本避免安全风险。
注:企业生产环境部署补丁前,建议进行充分测试,避免出现意外。
附:
补丁链接:https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
【联系方式】
河南省鼎信信息安全等级测评有限公司
Henan DingXin Information Security Service Co.,Ltd
联系人:潘伟
电话:18603856066
地址:黄河科技大厦9栋7楼 邮编:450001
原文始发于微信公众号(鼎信安全):Microsoft发布2022年12月漏洞安全更新
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论