近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞109个,影响到微软产品的其他厂商漏洞2个。包括Microsoft Windows Network File System 代码注入漏洞(CNNVD-202204-3112、CVE-2022-24491)、Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞(CNNVD-202204-3019、CVE-2022-26809)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2022年4月13日,微软发布了2022年4月份安全更新,共111个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows组件、Microsoft Windows SMB Server、MicrosoftWindows App Store、Microsoft .NET等。CNNVD对其危害等级进行了评价,其中超危漏洞2个,高危漏洞60个,中危漏洞49个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括108个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞59个,中危漏洞47个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Windows Network File System 代码注入漏洞 | CNNVD-202204-3112 | CVE-2022-24491 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491 |
2 | Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 | CNNVD-202204-3019 | CVE-2022-26809 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809 |
3 | Microsoft Dynamics 输入验证错误漏洞 | CNNVD-202204-3184 | CVE-2022-23259 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23259 |
4 | Microsoft Office 代码注入漏洞 | CNNVD-202204-3104 | CVE-2022-24473 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473 |
5 | Microsoft Win32K 权限许可和访问控制问题漏洞 | CNNVD-202204-3107 | CVE-2022-24474 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24474 |
6 | Microsoft Windows Common Log File System Driver 权限许可和访问控制问题漏洞 | CNNVD-202204-3200 | CVE-2022-24481 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24481 |
7 | Microsoft Windows SMB Server 代码注入漏洞 | CNNVD-202204-3109 | CVE-2022-24485 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24485 |
8 | Microsoft Kerberos for Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3201 | CVE-2022-24486 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24486 |
9 | Microsoft Windows Local Security Authority Subsystem Service 输入验证错误漏洞 | CNNVD-202204-3196 | CVE-2022-24487 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24487 |
10 | Microsoft Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3189 | CVE-2022-24489 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24489 |
11 | Microsoft Hyper-V 信息泄露漏洞 | CNNVD-202204-3119 | CVE-2022-24490 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24490 |
12 | Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 | CNNVD-202204-3113 | CVE-2022-24492 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492 |
13 | Microsoft Windows Local Security Authority Subsystem Service 权限许可和访问控制问题漏洞 | CNNVD-202204-3136 | CVE-2022-24496 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24496 |
14 | Microsoft Windows SMB Server 输入验证错误漏洞 | CNNVD-202204-3116 | CVE-2022-24500 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24500 |
15 | Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 | CNNVD-202204-3110 | CVE-2022-24528 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528 |
16 | Microsoft Windows Codecs Library 输入验证错误漏洞 | CNNVD-202204-3186 | CVE-2022-24532 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24532 |
17 | Microsoft Windows rdp 代码注入漏洞 | CNNVD-202204-3100 | CVE-2022-24533 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24533 |
18 | Microsoft Windows SMB Server 安全漏洞 | CNNVD-202204-3099 | CVE-2022-24534 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24534 |
19 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3098 | CVE-2022-24536 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24536 |
20 | Microsoft Hyper-V 安全漏洞 | CNNVD-202204-3097 | CVE-2022-24537 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24537 |
21 | Microsoft Hyper-V 信息泄露漏洞 | CNNVD-202204-3095 | CVE-2022-24539 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24539 |
22 | Microsoft Windows ALPC 竞争条件问题漏洞 | CNNVD-202204-3088 | CVE-2022-24540 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24540 |
23 | Microsoft Windows SMB Server 输入验证错误漏洞 | CNNVD-202204-3087 | CVE-2022-24541 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24541 |
24 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-3126 | CVE-2022-24543 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24543 |
25 | Microsoft Kerberos for Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3085 | CVE-2022-24544 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24544 |
26 | Microsoft Windows输入验证错误漏洞 | CNNVD-202204-3084 | CVE-2022-24545 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24545 |
27 | Microsoft Windows AppX Deployment Extensions权限许可和访问控制问题漏洞 | CNNVD-202204-3072 | CVE-2022-24549 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24549 |
28 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3054 | CVE-2022-26789 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26789 |
29 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3050 | CVE-2022-26790 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26790 |
30 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3052 | CVE-2022-26791 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26791 |
31 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3045 | CVE-2022-26792 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26792 |
32 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3042 | CVE-2022-26795 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26795 |
33 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3041 | CVE-2022-26796 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26796 |
34 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3033 | CVE-2022-26797 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26797 |
35 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3032 | CVE-2022-26798 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26798 |
36 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3031 | CVE-2022-26801 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26801 |
37 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3030 | CVE-2022-26802 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26802 |
38 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3029 | CVE-2022-26803 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26803 |
39 | Microsoft Windows Work Folder Service 竞争条件问题漏洞 | CNNVD-202204-3021 | CVE-2022-26807 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26807 |
40 | Microsoft Windows File Explorer 权限许可和访问控制问题漏洞 | CNNVD-202204-3020 | CVE-2022-26808 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26808 |
41 | Microsoft Windows File Explorer权限许可和访问控制问题漏洞 | CNNVD-202204-3018 | CVE-2022-26810 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26810 |
42 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3017 | CVE-2022-26811 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26811 |
43 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3015 | CVE-2022-26812 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26812 |
44 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3006 | CVE-2022-26813 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26813 |
45 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3004 | CVE-2022-26815 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26815 |
46 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2989 | CVE-2022-26823 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26823 |
47 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2986 | CVE-2022-26824 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26824 |
48 | Microsoft Windows SMB Server 输入验证错误漏洞 | CNNVD-202204-3055 | CVE-2022-26830 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26830 |
49 | Microsoft Lightweight Directory Access Protocol 输入验证错误漏洞 | CNNVD-202204-2965 | CVE-2022-26831 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26831 |
50 | Microsoft .NET Framework输入验证错误漏洞 | CNNVD-202204-3008 | CVE-2022-26832 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26832 |
51 | Microsoft Azure Site Recovery 输入验证错误漏洞 | CNNVD-202204-3220 | CVE-2022-26898 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26898 |
52 | Microsoft Office 代码注入漏洞 | CNNVD-202204-3106 | CVE-2022-26901 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901 |
53 | Microsoft Graphics Components 输入验证错误漏洞 | CNNVD-202204-3066 | CVE-2022-26903 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26903 |
54 | Microsoft Windows 竞争条件问题漏洞 | CNNVD-202204-2936 | CVE-2022-26904 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904 |
55 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-2953 | CVE-2022-26915 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26915 |
56 | Microsoft Windows Fax services 输入验证错误漏洞 | CNNVD-202204-2948 | CVE-2022-26916 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26916 |
57 | Microsoft Windows Fax services输入验证错误漏洞 | CNNVD-202204-2949 | CVE-2022-26917 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26917 |
58 | Microsoft Windows Fax services输入验证错误漏洞 | CNNVD-202204-2950 | CVE-2022-26918 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26918 |
59 | Microsoft Lightweight Directory Access Protocol 输入验证错误漏洞 | CNNVD-202204-2946 | CVE-2022-26919 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26919 |
60 | Microsoft Visual Studio 安全漏洞 | CNNVD-202204-3290 | CVE-2022-26921 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26921 |
61 | Microsoft YARP reverse proxy 安全漏洞 | CNNVD-202204-3292 | CVE-2022-26924 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26924 |
62 | Microsoft Office 安全漏洞 | CNNVD-202204-3194 | CVE-2022-24472 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472 |
63 | Microsoft Windows Feedback Hub 权限许可和访问控制问题漏洞 | CNNVD-202204-3198 | CVE-2022-24479 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24479 |
64 | Microsoft Windows Kernel 信息泄露漏洞 | CNNVD-202204-3188 | CVE-2022-24483 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24483 |
65 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-3108 | CVE-2022-24484 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24484 |
66 | Microsoft Windows App Store 权限许可和访问控制问题漏洞 | CNNVD-202204-3192 | CVE-2022-24488 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24488 |
67 | Microsoft Local Security Authority Server 信息泄露漏洞 | CNNVD-202204-3130 | CVE-2022-24493 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24493 |
68 | Microsoft Windows Ancillary Function Driver for WinSock 权限许可和访问控制问题漏洞 | CNNVD-202204-3128 | CVE-2022-24494 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24494 |
69 | Microsoft Windows Media Foundation 输入验证错误漏洞 | CNNVD-202204-3123 | CVE-2022-24495 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24495 |
70 | Microsoft Windows 信息泄露漏洞 | CNNVD-202204-3121 | CVE-2022-24498 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24498 |
71 | Microsoft Windows Installer 权限许可和访问控制问题漏洞 | CNNVD-202204-3117 | CVE-2022-24499 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24499 |
72 | Microsoft Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3114 | CVE-2022-24527 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24527 |
73 | Microsoft Windows Installer 权限许可和访问控制问题漏洞 | CNNVD-202204-3105 | CVE-2022-24530 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24530 |
74 | Microsoft Windows Cluster Shared Volume 输入验证错误漏洞 | CNNVD-202204-3096 | CVE-2022-24538 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24538 |
75 | Microsoft Win32K 权限许可和访问控制问题漏洞 | CNNVD-202204-3086 | CVE-2022-24542 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24542 |
76 | Microsoft DWM Core Library 权限许可和访问控制问题漏洞 | CNNVD-202204-3083 | CVE-2022-24546 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24546 |
77 | Microsoft Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3073 | CVE-2022-24547 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24547 |
78 | Microsoft Windows Defender 输入验证错误漏洞 | CNNVD-202204-3203 | CVE-2022-24548 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24548 |
79 | Microsoft Windows权限许可和访问控制问题漏洞 | CNNVD-202204-3071 | CVE-2022-24550 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24550 |
80 | Git for Windows 代码问题漏洞 | CNNVD-202204-3058 | CVE-2022-24767 | 中危 | https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3 |
81 | Microsoft Hyper-V信息泄露漏洞 | CNNVD-202204-3070 | CVE-2022-26783 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26783 |
82 | Microsoft Windows Cluster Shared Volume输入验证错误漏洞 | CNNVD-202204-3069 | CVE-2022-26784 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26784 |
83 | Microsoft Hyper-V 信息泄露漏洞 | CNNVD-202204-3068 | CVE-2022-26785 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26785 |
84 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3053 | CVE-2022-26786 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26786 |
85 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3067 | CVE-2022-26787 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26787 |
86 | Microsoft PowerShell Utility 权限许可和访问控制问题漏洞 | CNNVD-202204-3062 | CVE-2022-26788 | 中危 | https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26788 |
87 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3044 | CVE-2022-26793 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26793 |
88 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3043 | CVE-2022-26794 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26794 |
89 | Microsoft Windows Active Directory 代码注入漏洞 | CNNVD-202204-3005 | CVE-2022-26814 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26814 |
90 | Microsoft DNS Server 信息泄露漏洞 | CNNVD-202204-3007 | CVE-2022-26816 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26816 |
91 | Microsoft Windows Active Directory 代码注入漏洞 | CNNVD-202204-3002 | CVE-2022-26817 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26817 |
92 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3003 | CVE-2022-26818 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26818 |
93 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2992 | CVE-2022-26819 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26819 |
94 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2991 | CVE-2022-26820 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26820 |
95 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2990 | CVE-2022-26821 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26821 |
96 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2988 | CVE-2022-26822 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26822 |
97 | Microsoft DNS Server代码注入漏洞 | CNNVD-202204-2971 | CVE-2022-26825 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26825 |
98 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2972 | CVE-2022-26826 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26826 |
99 | Microsoft Windows File Server 竞争条件问题漏洞 | CNNVD-202204-2970 | CVE-2022-26827 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26827 |
100 | Microsoft Bluetooth Driver 竞争条件问题漏洞 | CNNVD-202204-2969 | CVE-2022-26828 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26828 |
101 | Microsoft DNS Server代码注入漏洞 | CNNVD-202204-2968 | CVE-2022-26829 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26829 |
102 | Microsoft Azure Site Recovery 信息泄露漏洞 | CNNVD-202204-3222 | CVE-2022-26896 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896 |
103 | Microsoft Azure Site Recovery 信息泄露漏洞 | CNNVD-202204-3218 | CVE-2022-26897 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26897 |
104 | Microsoft Azure SDK 信息泄露漏洞 | CNNVD-202204-3252 | CVE-2022-26907 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26907 |
105 | Microsoft Skype 安全漏洞 | CNNVD-202204-3074 | CVE-2022-26910 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26910 |
106 | Microsoft Skype for Business Server 信息泄露漏洞 | CNNVD-202204-3195 | CVE-2022-26911 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26911 |
107 | Microsoft Win32k 权限许可和访问控制问题漏洞 | CNNVD-202204-2956 | CVE-2022-26914 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26914 |
108 | Microsoft Graphics Components 信息泄露漏洞 | CNNVD-202204-2976 | CVE-2022-26920 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26920 |
此次更新共包括1个更新漏洞的补丁程序,其中高危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Visual Studio 权限许可和访问控制问题漏洞 | CNNVD-202112-1181 | CVE-2021-43877 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43877 |
此次更新共包括2个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞2个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Google brotli Library 缓冲区错误漏洞 | CNNVD-202009-910 | CVE-2020-8927 | 中危 | https://github.com/google/brotli/releases/tag/v1.0 | |
2 | Git for Windows 代码问题漏洞 | CNNVD-202204-2943 | CVE-2022-24765 | 中危 | 个人开发者 | https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
