【漏洞通告】微软多个高危漏洞

1.Win32k 特权提升漏洞 【CVE-2024-30038】

影响产品：

    Windows Server 2012 R2 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2016 (Server Core installation)
    Windows 11 Version 23H2 for ARM64-based Systems
    Windows 10 Version 22H2 for 32-bit Systems
    Windows 10 Version 22H2 for ARM64-based Systems
    Windows 11 version 21H2 for x64-based Systems
    Windows 10 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for ARM64-based Systems
    Windows 10 Version 21H2 for x64-based Systems
    Windows 10 Version 21H2 for ARM64-based Systems
    Windows 10 Version 21H2 for 32-bit Systems
    Windows 11 version 21H2 for ARM64-based Systems
    Windows Server 2016
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows 10 for x64-based Systems
    Windows 10 for 32-bit Systems
    Windows Server 2022
    23H2 Edition (Server Core installation)
    Windows 11 Version 23H2 for x64-based Systems
    Windows Server 2019 (Server Core installation)
    Windows Server 2019
    Windows 10 Version 1809 for ARM64-based Systems
    Windows 10 Version 1809 for x64-based Systems
    Windows 10 Version 1809 for 32-bit Systems

漏洞描述：

Win32k特权提升漏洞,目前暂无该漏洞信息，请随时关注Microsoft厂商公告
              
参考链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30038

2.Windows 远程访问连接管理器信息泄露漏洞 【CVE-2024-30039】

影响产品:
    Windows Server 2008 R2 for x64-based Systems Service Pack 1
    Windows 10 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for x64-based Systems
    Windows 11 Version 22H2 for ARM64-based Systems
    Windows 10 Version 21H2 for x64-based Systems
    Windows 10 Version 21H2 for ARM64-based Systems
    Windows 10 Version 21H2 for 32-bit Systems
    Windows 10 Version 1809 for x64-based Systems
    Windows 10 Version 1809 for 32-bit Systems
    Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    Windows 10 for x64-based Systems
    Windows 10 for 32-bit Systems
    Windows Server 2022
    23H2 Edition (Server Core installation)
    Windows 11 Version 23H2 for x64-based Systems
    Windows 11 Version 23H2 for ARM64-based Systems
    Windows 10 Version 22H2 for 32-bit Systems
    Windows 10 Version 22H2 for ARM64-based Systems
    Windows Server 2008 for x64-based Systems Service Pack 2
    Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2016 (Server Core installation)
    Windows Server 2016
    Windows 10 Version 1607 for x64-based Systems
    Windows 10 Version 1607 for 32-bit Systems
    Windows Server 2012 R2 (Server Core installation)
    Windows Server 2012 R2
    Windows Server 2012 (Server Core installation)
    Windows Server 2012
    Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    Windows 11 version 21H2 for ARM64-based Systems
    Windows 11 version 21H2 for x64-based Systems
    Windows Server 2022 (Server Core installation)
    Windows Server 2022
    Windows Server 2019 (Server Core installation)
    Windows Server 2019
    Windows 10 Version 1809 for ARM64-based Systems

漏洞描述:
Windows 远程访问连接管理器信息泄露漏洞,目前暂无该漏洞信息，请随时关注Microsoft厂商公告
              
参考链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039

3.Windows MSHTML 平台安全功能绕过漏洞 【CVE-2024-30040】
    
影响产品:
Microsoft Windows 10 Version 1809 10.0.0
Microsoft Windows Server 2019 10.0.0
Microsoft Windows Server 2019 (Server Core installation) 10.0.0
Microsoft Windows Server 2022 10.0.0
Microsoft Windows 11 version 21H2 10.0.0
Microsoft Windows 10 Version 21H2 10.0.0
Microsoft Windows 11 version 22H2 10.0.0
Microsoft Windows 10 Version 22H2 10.0.0
Microsoft Windows 11 version 22H3 10.0.0
Microsoft Windows 11 Version 23H2 10.0.0
Microsoft Windows Server 2022
23H2 Edition (Server Core installation) 10.0.0
Microsoft Windows 10 Version 1507 10.0.0
Microsoft Windows 10 Version 1607 10.0.0
Microsoft Windows Server 2016 10.0.0
Microsoft Windows Server 2016 (Server Core installation) 10.0.0

漏洞描述:
Windows MSHTML 平台安全功能绕过漏洞,目前暂无该漏洞信息，请随时关注Microsoft厂商公告
              
漏洞解决方案:
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches. See references
              
参考链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040

4.Microsoft Excel 远程执行代码漏洞   【CVE-2024-30042】

影响产品：
Microsoft Excel 2016 (64-bit edition)
Microsoft Excel 2016 (32-bit edition)
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Office Online Server

漏洞描述:
Microsoft Excel 远程执行代码漏洞,目前暂无该漏洞信息，请随时关注Microsoft厂商公告
              
参考链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30042

5.Microsoft SharePoint Server 远程执行代码漏洞 【CVE-2024-30044】
影响产品:
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016

漏洞描述:
Microsoft SharePoint Server 远程执行代码漏洞,目前暂无该漏洞信息，请随时关注Microsoft厂商公告
              
参考链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044

原文始发于微信公众号（飓风网络安全）：【漏洞通告】微软多个高危漏洞