关于微软多个安全漏洞的通报
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞61个,影响到微软产品的其他厂商漏洞1个。包括Microsoft Open Management Infrastructure 安全漏洞(CNNVD-202403-1033、CVE-2024-21334)、Microsoft Azure Kubernetes 安全漏洞(CNNVD-202403-1028、CVE-2024-21400)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据、提升权限等。微软多个产品和系统受漏洞影响。
目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2024年3月12日,微软发布了2024年3月份安全更新,共62个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。
本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft SharePoint、Microsoft Django Backend for SQL Server、Microsoft Windows Kerberos、Microsoft Authenticator、Microsoft QUIC等。
CNNVD对其危害等级进行了评价,其中超危漏洞2个,高危漏洞47个,中危漏洞13个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括59个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞45个,中危漏洞12个。
序号漏洞名称CNNVD编号CVE编号危害等级官方链接
1Microsoft Open Management Infrastructure 安全漏洞CNNVD-202403-1033CVE-2024-21334超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334
2Microsoft Azure Kubernetes 安全漏洞CNNVD-202403-1028CVE-2024-21400超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400
3Microsoft Open Management Infrastructure 安全漏洞CNNVD-202403-1031CVE-2024-21330高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330
4Microsoft Authenticator 安全漏洞CNNVD-202403-1034CVE-2024-21390高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21390
5Microsoft .NET和Microsoft Visual Studio 安全漏洞CNNVD-202403-1029CVE-2024-21392高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392
6Microsoft Hyper-V 安全漏洞CNNVD-202403-1027CVE-2024-21407高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21407
7Microsoft Skype 安全漏洞CNNVD-202403-1025CVE-2024-21411高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411
8Microsoft Software for Open Networking in the Cloud (SONiC) 安全漏洞CNNVD-202403-1024CVE-2024-21418高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21418
9Microsoft Dynamics 365 安全漏洞CNNVD-202403-1022CVE-2024-21419高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419
10Microsoft Azure SDK 安全漏洞CNNVD-202403-1021CVE-2024-21421高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421
11Microsoft SharePoint 安全漏洞CNNVD-202403-1020CVE-2024-21426高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426
12Microsoft Windows Kerberos 安全漏洞CNNVD-202403-1023CVE-2024-21427高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427
13Microsoft Hypervisor-Protected Code Integrity 安全漏洞CNNVD-202403-1016CVE-2024-21431高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431
14Microsoft Windows Update Stack 安全漏洞CNNVD-202403-1017CVE-2024-21432高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432
15Microsoft Windows Print Spooler Components 安全漏洞CNNVD-202403-1014CVE-2024-21433高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433
16Microsoft Windows SCSI Class System File 安全漏洞CNNVD-202403-1015CVE-2024-21434高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434
17Microsoft OLE 安全漏洞CNNVD-202403-1013CVE-2024-21435高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21435
18Microsoft Windows Installer 安全漏洞CNNVD-202403-1012CVE-2024-21436高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21436
19Microsoft Graphics Component 安全漏洞CNNVD-202403-1011CVE-2024-21437高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21437
20Microsoft Windows AllJoyn API 安全漏洞CNNVD-202403-1010CVE-2024-21438高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21438
21Microsoft Windows Telephony Server 安全漏洞CNNVD-202403-1008CVE-2024-21439高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21439
22Microsoft ODBC Driver 安全漏洞CNNVD-202403-1007CVE-2024-21440高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21440
23Microsoft OLE DB Provider for SQL Server 安全漏洞CNNVD-202403-1009CVE-2024-21441高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21441
24Microsoft Windows USB Print Driver 安全漏洞CNNVD-202403-1005CVE-2024-21442高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21442
25Microsoft Windows Kernel 安全漏洞CNNVD-202403-1006CVE-2024-21443高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21443
26Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202403-1004CVE-2024-21444高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21444
27Microsoft Windows USB Print Driver 安全漏洞CNNVD-202403-1003CVE-2024-21445高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21445
28Microsoft Windows NTFS 安全漏洞CNNVD-202403-1001CVE-2024-21446高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21446
29Microsoft OLE DB Provider for SQL Server 安全漏洞CNNVD-202403-1002CVE-2024-21450高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21450
30Microsoft ODBC Driver 安全漏洞CNNVD-202403-999CVE-2024-21451高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21451
31Microsoft ODBC Driver 安全漏洞CNNVD-202403-998CVE-2024-26159高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26159
32Microsoft OLE DB Provider for SQL Server 安全漏洞CNNVD-202403-995CVE-2024-26161高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26161
33Microsoft ODBC Driver 安全漏洞CNNVD-202403-994CVE-2024-26162高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26162
34Microsoft Django Backend for SQL Server 安全漏洞CNNVD-202403-1030CVE-2024-26164高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26164
35Microsoft Visual Studio Code 安全漏洞CNNVD-202403-996CVE-2024-26165高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26165
36Microsoft OLE DB Provider for SQL Server 安全漏洞CNNVD-202403-993CVE-2024-26166高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26166
37Microsoft Windows Error Reporting 安全漏洞CNNVD-202403-992CVE-2024-26169高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169
38Microsoft Windows Composite Image File System 安全漏洞CNNVD-202403-991CVE-2024-26170高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26170
39Microsoft Windows Kernel 安全漏洞CNNVD-202403-988CVE-2024-26173高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26173
40Microsoft Windows Kernel 安全漏洞CNNVD-202403-989CVE-2024-26176高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26176
41Microsoft Windows Kernel 安全漏洞CNNVD-202403-985CVE-2024-26178高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26178
42Microsoft Windows Kernel 安全漏洞CNNVD-202403-982CVE-2024-26182高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26182
43Microsoft QUIC 安全漏洞CNNVD-202403-983CVE-2024-26190高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190
44Microsoft Exchange Server 安全漏洞CNNVD-202403-979CVE-2024-26198高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198
45Microsoft Office 安全漏洞CNNVD-202403-978CVE-2024-26199高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199
46Microsoft Azure Data Studio 安全漏洞CNNVD-202403-975CVE-2024-26203高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203
47Microsoft Outlook for Android 安全漏洞CNNVD-202403-977CVE-2024-26204高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26204
48Microsoft Defender 安全漏洞CNNVD-202403-1032CVE-2024-20671中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20671
49Microsoft Hyper-V 安全漏洞CNNVD-202403-1026CVE-2024-21408中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408
50Microsoft Windows USB Hub Driver 安全漏洞CNNVD-202403-1019CVE-2024-21429中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429
51Microsoft Windows USB Attached SCSI 安全漏洞CNNVD-202403-1018CVE-2024-21430中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430
52Microsoft Teams 安全漏洞CNNVD-202403-1000CVE-2024-21448中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448
53Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞CNNVD-202403-997CVE-2024-26160中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26160
54Microsoft Windows Kernel 安全漏洞CNNVD-202403-987CVE-2024-26174中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26174
55Microsoft Windows Kernel 安全漏洞CNNVD-202403-986CVE-2024-26177中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26177
56Microsoft Windows Kernel 安全漏洞CNNVD-202403-984CVE-2024-26181中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26181
57Microsoft Windows Compressed Folder 安全漏洞CNNVD-202403-981CVE-2024-26185中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26185
58Microsoft Windows Standards-Based Storage Management Service 安全漏洞CNNVD-202403-980CVE-2024-26197中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26197
59Microsoft Intune 安全漏洞CNNVD-202403-976CVE-2024-26201中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26201
此次更新共包括2个更新漏洞的补丁程序,其中高危漏洞2个。
序号漏洞名称CNNVD编号CVE编号危害等级官方链接
1Microsoft Office Visio 安全漏洞CNNVD-202308-747CVE-2023-35372高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372
2Microsoft Office Visio 安全漏洞CNNVD-202308-687CVE-2023-36866高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞1个。
序号漏洞名称CNNVD编号CVE编号危害等级厂商官方链接
1Intel Atom Processors 安全漏洞CNNVD-202403-1080CVE-2023-28746中危Intelhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。
微软官方补丁下载地址:https://msrc.microsoft.com/update-guide/en-usCNNVD
页:
[1]