CNNVD关于微软多个安全漏洞的通报(更新版)

admin
admin
admin
138643
文章
114
评论
2022年4月20日16:41:35评论292 views字数 17694阅读58分58秒阅读模式


近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞118个,影响到微软产品的其他厂商漏洞2个。包括Microsoft Windows Network File System代码注入漏洞(CNNVD-202204-3112、CVE-2022-24491)、Microsoft Windows RemoteProcedure Call Runtime 代码注入漏洞(CNNVD-202204-3019、CVE-2022-26809)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、 漏洞介绍

2022年4月19日,微软发布了2022年4月份安全更新,共120个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Lightweight DirectoryAccess、Microsoft DNS、MicrosoftDynamics 365和Microsoft Dynamics、Microsoft Windows Local Security Authority Subsystem Service、Microsoft Windows File等。CNNVD对其危害等级进行了评价,其中超危漏洞2个,高危漏洞88个,中危漏洞30个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问
https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。

二、漏洞详情

此次更新共包括116个漏洞的补丁程序,其中超危漏洞2个,高危漏洞87个,中危漏洞27个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Windows Network File System代码注入漏洞

CNNVD-202204-3112

CVE-2022-24491

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491

2

Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞

CNNVD-202204-3019

CVE-2022-26809

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809

3

Microsoft Windows SMB Server 安全漏洞

CNNVD-202204-3175

CVE-2022-21983

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21983

4

Microsoft Hyper-V安全漏洞

CNNVD-202204-3171

CVE-2022-22008

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22008

5

Microsoft Hyper-V安全漏洞

CNNVD-202204-3172

CVE-2022-22009

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22009

6

Microsoft Hyper-V安全漏洞

CNNVD-202204-3177

CVE-2022-23257

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23257

7

Microsoft Dynamics 365和Microsoft Dynamics 输入验证错误漏洞

CNNVD-202204-3184

CVE-2022-23259

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23259

8

Microsoft Office Sharepoint Server安全漏洞

CNNVD-202204-3194

CVE-2022-24472

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472

9

Microsoft Excel 代码注入漏洞

CNNVD-202204-3104

CVE-2022-24473

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473

10

Microsoft Win32K 权限许可和访问控制问题漏洞

CNNVD-202204-3107

CVE-2022-24474

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24474

11

Microsoft Windows Feedback Hub 权限许可和访问控制问题漏洞

CNNVD-202204-3198

CVE-2022-24479

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24479

12

Microsoft Windows Common Log File System Driver权限许可和访问控制问题漏洞

CNNVD-202204-3200

CVE-2022-24481

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24481

13

Microsoft Windows SMB Server 代码注入漏洞

CNNVD-202204-3109

CVE-2022-24485

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24485

14

Microsoft Kerberos for Windows权限许可和访问控制问题漏洞

CNNVD-202204-3201

CVE-2022-24486

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24486

15

Microsoft Windows Local Security Authority  Subsystem Service输入验证错误漏洞

CNNVD-202204-3196

CVE-2022-24487

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24487

16

Microsoft Windows App Store 权限许可和访问控制问题漏洞

CNNVD-202204-3192

CVE-2022-24488

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24488

17

Microsoft Windows Cluster Shared Volume 权限许可和访问控制问题漏洞

CNNVD-202204-3189

CVE-2022-24489

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24489

18

Microsoft Hyper-V 信息泄露漏洞

CNNVD-202204-3119

CVE-2022-24490

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24490

19

Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞

CNNVD-202204-3113

CVE-2022-24492

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492

20

Microsoft Windows Ancillary Function Driver for  WinSock权限许可和访问控制问题漏洞

CNNVD-202204-3128

CVE-2022-24494

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24494

21

Microsoft Windows Media Foundation 输入验证错误漏洞

CNNVD-202204-3123

CVE-2022-24495

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24495

22

Microsoft Windows Local Security Authority  Subsystem Service 权限许可和访问控制问题漏洞

CNNVD-202204-3136

CVE-2022-24496

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24496

23

Microsoft Windows Installer 权限许可和访问控制问题漏洞

CNNVD-202204-3117

CVE-2022-24499

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24499

24

Microsoft Windows SMB Server输入验证错误漏洞

CNNVD-202204-3116

CVE-2022-24500

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24500

25

Microsoft Visual Studio 安全漏洞

CNNVD-202204-3059

CVE-2022-24513

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513

26

Microsoft Windows Common Log File System Driver安全漏洞

CNNVD-202204-3115

CVE-2022-24521

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521

27

Microsoft Windows 权限许可和访问控制问题漏洞

CNNVD-202204-3114

CVE-2022-24527

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24527

28

Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞

CNNVD-202204-3110

CVE-2022-24528

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528

29

Microsoft Windows Installer 权限许可和访问控制问题漏洞

CNNVD-202204-3105

CVE-2022-24530

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24530

30

Microsoft Windows Codecs Library 输入验证错误漏洞

CNNVD-202204-3186

CVE-2022-24532

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24532

31

Microsoft Windows代码注入漏洞

CNNVD-202204-3100

CVE-2022-24533

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24533

32

Microsoft Windows SMB Server 安全漏洞

CNNVD-202204-3099

CVE-2022-24534

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24534

33

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-3098

CVE-2022-24536

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24536

34

Microsoft Hyper-V 安全漏洞

CNNVD-202204-3097

CVE-2022-24537

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24537

35

Microsoft Hyper-V信息泄露漏洞

CNNVD-202204-3095

CVE-2022-24539

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24539

36

Microsoft Windows ALPC竞争条件问题漏洞

CNNVD-202204-3088

CVE-2022-24540

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24540

37

Microsoft Windows SMB Server 输入验证错误漏洞

CNNVD-202204-3087

CVE-2022-24541

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24541

38

Microsoft Win32k 权限许可和访问控制问题漏洞

CNNVD-202204-3086

CVE-2022-24542

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24542

39

Microsoft Windows 输入验证错误漏洞

CNNVD-202204-3126

CVE-2022-24543

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24543

40

Microsoft Kerberos for Windows 权限许可和访问控制问题漏洞

CNNVD-202204-3085

CVE-2022-24544

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24544

41

Microsoft Kerberos for Windows 输入验证错误漏洞

CNNVD-202204-3084

CVE-2022-24545

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24545

42

Microsoft DWM Core Library 权限许可和访问控制问题漏洞

CNNVD-202204-3083

CVE-2022-24546

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24546

43

Microsoft Windows Media Foundation权限许可和访问控制问题漏洞

CNNVD-202204-3073

CVE-2022-24547

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24547

44

Microsoft Windows AppX Deployment Extensions权限许可和访问控制问题漏洞

CNNVD-202204-3072

CVE-2022-24549

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24549

45

Microsoft Windows 权限许可和访问控制问题漏洞

CNNVD-202204-3071

CVE-2022-24550

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24550

46

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3053

CVE-2022-26786

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26786

47

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202204-3067

CVE-2022-26787

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26787

48

Microsoft PowerShell Utility权限许可和访问控制问题漏洞

CNNVD-202204-3062

CVE-2022-26788

高危

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26788

49

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3054

CVE-2022-26789

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26789

50

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202204-3050

CVE-2022-26790

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26790

51

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3052

CVE-2022-26791

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26791

52

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3045

CVE-2022-26792

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26792

53

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202204-3044

CVE-2022-26793

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26793

54

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202204-3043

CVE-2022-26794

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26794

55

Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞

CNNVD-202204-3042

CVE-2022-26795

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26795

56

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3041

CVE-2022-26796

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26796

57

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3033

CVE-2022-26797

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26797

58

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3032

CVE-2022-26798

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26798

59

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3031

CVE-2022-26801

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26801

60

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3030

CVE-2022-26802

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26802

61

Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞

CNNVD-202204-3029

CVE-2022-26803

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26803

62

Microsoft Windows Work Folder Service竞争条件问题漏洞

CNNVD-202204-3021

CVE-2022-26807

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26807

63

Microsoft Windows File Explorer 权限许可和访问控制问题漏洞

CNNVD-202204-3020

CVE-2022-26808

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26808

64

Microsoft Windows File Server 权限许可和访问控制问题漏洞

CNNVD-202204-3018

CVE-2022-26810

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26810

65

Microsoft DNS Server代码注入漏洞

CNNVD-202204-3017

CVE-2022-26811

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26811

66

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-3015

CVE-2022-26812

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26812

67

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-3006

CVE-2022-26813

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26813

68

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-3004

CVE-2022-26815

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26815

69

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-2989

CVE-2022-26823

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26823

70

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-2986

CVE-2022-26824

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26824

71

Microsoft DNS Server代码注入漏洞

CNNVD-202204-2971

CVE-2022-26825

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26825

72

Microsoft DNS Server 代码注入漏洞

CNNVD-202204-2972

CVE-2022-26826

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26826

73

Microsoft Windows File Server竞争条件问题漏洞

CNNVD-202204-2970

CVE-2022-26827

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26827

74

Microsoft Bluetooth Driver竞争条件问题漏洞

CNNVD-202204-2969

CVE-2022-26828

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26828

75

Microsoft Windows SMB Server 输入验证错误漏洞

CNNVD-202204-3055

CVE-2022-26830

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26830

76

Microsoft Lightweight Directory Access Protocol输入验证错误漏洞

CNNVD-202204-2965

CVE-2022-26831

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26831

77

Microsoft .NET Framework输入验证错误漏洞

CNNVD-202204-3008

CVE-2022-26832

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26832

78

Microsoft Azure Site Recovery 输入验证错误漏洞

CNNVD-202204-3220

CVE-2022-26898

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26898

79

Microsoft Excel 代码注入漏洞

CNNVD-202204-3106

CVE-2022-26901

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901

80

Microsoft Graphics Components输入验证错误漏洞

CNNVD-202204-3066

CVE-2022-26903

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26903

81

Microsoft Windows 竞争条件问题漏洞

CNNVD-202204-2936

CVE-2022-26904

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904

82

Microsoft Win32k 权限许可和访问控制问题漏洞

CNNVD-202204-2956

CVE-2022-26914

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26914

83

Microsoft Windows 输入验证错误漏洞

CNNVD-202204-2953

CVE-2022-26915

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26915

84

Microsoft Windows 输入验证错误漏洞

CNNVD-202204-2948

CVE-2022-26916

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26916

85

Microsoft Windows 输入验证错误漏洞

CNNVD-202204-2949

CVE-2022-26917

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26917

86

Microsoft Windows 输入验证错误漏洞

CNNVD-202204-2950

CVE-2022-26918

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26918

87

Microsoft Lightweight Directory Access Protocol输入验证错误漏洞

CNNVD-202204-2946

CVE-2022-26919

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26919

88

Microsoft Visual Studio Code 安全漏洞

CNNVD-202204-3290

CVE-2022-26921

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26921

89

Microsoft YARP reverse proxy 安全漏洞

CNNVD-202204-3292

CVE-2022-26924

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26924

90

Microsoft Hyper-V安全漏洞

CNNVD-202204-3197

CVE-2022-23268

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23268

91

Microsoft Power BI 安全漏洞

CNNVD-202204-3199

CVE-2022-23292

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23292

92

Microsoft Windows Kernel信息泄露漏洞

CNNVD-202204-3188

CVE-2022-24483

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24483

93

Microsoft Windows Cluster Shared Volume 输入验证错误漏洞

CNNVD-202204-3108

CVE-2022-24484

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24484

94

Microsoft Local Security Authority Server 信息泄露漏洞

CNNVD-202204-3130

CVE-2022-24493

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24493

95

Microsoft Windows 信息泄露漏洞

CNNVD-202204-3121

CVE-2022-24498

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24498

96

Microsoft Windows Cluster Shared Volume 输入验证错误漏洞

CNNVD-202204-3096

CVE-2022-24538

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24538

97

Microsoft Defender 输入验证错误漏洞

CNNVD-202204-3203

CVE-2022-24548

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24548

98

Git for Windows 代码问题漏洞

CNNVD-202204-3058

CVE-2022-24767

中危

https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3

99

Microsoft Hyper-V信息泄露漏洞

CNNVD-202204-3070

CVE-2022-26783

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26783

100

Microsoft Windows Cluster Shared Volume 输入验证错误漏洞

CNNVD-202204-3069

CVE-2022-26784

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26784

101

Microsoft Hyper-V信息泄露漏洞

CNNVD-202204-3068

CVE-2022-26785

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26785

102

Microsoft Windows Active Directory 竞争条件问题漏洞

CNNVD-202204-3005

CVE-2022-26814

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26814

103

Microsoft DNS Server 信息泄露漏洞

CNNVD-202204-3007

CVE-2022-26816

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26816

104

Microsoft Windows Active Directory 竞争条件问题漏洞

CNNVD-202204-3002

CVE-2022-26817

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26817

105

Microsoft DNS Server代码注入漏洞

CNNVD-202204-3003

CVE-2022-26818

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26818

106

Microsoft DNS Server 竞争条件问题漏洞

CNNVD-202204-2992

CVE-2022-26819

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26819

107

Microsoft DNS Server 竞争条件问题漏洞

CNNVD-202204-2991

CVE-2022-26820

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26820

108

Microsoft DNS Server 竞争条件问题漏洞

CNNVD-202204-2990

CVE-2022-26821

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26821

109

Microsoft DNS Server 竞争条件问题漏洞

CNNVD-202204-2988

CVE-2022-26822

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26822

110

Microsoft DNS Server 竞争条件问题漏洞

CNNVD-202204-2968

CVE-2022-26829

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26829

111

Microsoft Azure Site Recovery 信息泄露漏洞

CNNVD-202204-3222

CVE-2022-26896

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896

112

Microsoft Azure Site Recovery 信息泄露漏洞

CNNVD-202204-3218

CVE-2022-26897

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26897

113

Microsoft Azure SDK 信息泄露漏洞

CNNVD-202204-3252

CVE-2022-26907

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26907

114

Microsoft Skype for Business Server 安全漏洞

CNNVD-202204-3074

CVE-2022-26910

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26910

115

Microsoft Skype for Business Server 信息泄露漏洞

CNNVD-202204-3195

CVE-2022-26911

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26911

116

Microsoft Graphics Components信息泄露漏洞

CNNVD-202204-2976

CVE-2022-26920

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26920

此次更新共包括2个漏洞的补丁程序,其中高危漏洞1个,中危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Visual Studio 权限许可和访问控制问题漏洞

CNNVD-202112-1181

CVE-2021-43877

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43877

2

Microsoft Windows 安全特征问题特征问题漏洞

CNNVD-202110-805

CVE-2021-41337

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41337


    此次更新共包括2个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞2个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

Google brotli Library 缓冲区错误漏洞

CNNVD-202009-910

CVE-2020-8927

中危

Google

https://github.com/google/brotli/releases/tag/v1.0

2

Git for Windows 代码问题漏洞

CNNVD-202204-2943

CVE-2022-24765

中危

个人开发者

https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2

三、修复建议

目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
     CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: [email protected]


原文始发于微信公众号(CNNVD安全动态):CNNVD关于微软多个安全漏洞的通报(更新版)

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年4月20日16:41:35
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CNNVD关于微软多个安全漏洞的通报(更新版)https://cn-sec.com/archives/929858.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息