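Microsoft recently published advisories for multiple security vulnerabilities: 62 in Microsoft's own products and 1 from another vendor that affects Microsoft products. They include the Microsoft Windows TCP/IP component security vulnerability (CNNVD-202209-917, CVE-2022-34718) and the Microsoft Windows security vulnerability (CNNVD-202209-913, CVE-2022-34721), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible.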

I. Vulnerability Overview

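On September 13, 2022, Microsoft released its September 2022 security update, containing patches for 63 vulnerabilities in total, all of which have been recorded by CNNVD. The update mainly covers Microsoft Windows and Windows components, Microsoft HTTP.sys, Microsoft Lightweight Directory Access Protocol, Microsoft Windows DNS, Microsoft Windows Fax Service, Microsoft SharePoint, and others. CNNVD has rated their severity: 3 critical, 52 high, and 8 medium. Multiple Microsoft products and system versions are affected; the specific scope of impact can be looked up at https://portal.msrc.microsoft.com/zh-cn/security-guidance.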

II. Vulnerability Details

This update includes patches for 62 newly added vulnerabilities: 3 critical, 52 high, and 7 medium.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Microsoft Windows TCP/IP component security vulnerability | CNNVD-202209-917 | CVE-2022-34718 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34718 |
| 2 | Microsoft Windows security vulnerability | CNNVD-202209-913 | CVE-2022-34721 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34721 |
| 3 | Microsoft Windows security vulnerability | CNNVD-202209-911 | CVE-2022-34722 | Critical | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34722 |
| 4 | Microsoft Windows security vulnerability | CNNVD-202209-922 | CVE-2022-26928 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26928 |
| 5 | Microsoft .NET Framework security vulnerability | CNNVD-202209-908 | CVE-2022-26929 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26929 |
| 6 | Microsoft Windows security vulnerability | CNNVD-202209-924 | CVE-2022-30170 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30170 |
| 7 | Microsoft Windows security vulnerability | CNNVD-202209-927 | CVE-2022-30196 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30196 |
| 8 | Microsoft Lightweight Directory Access Protocol security vulnerability | CNNVD-202209-925 | CVE-2022-30200 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30200 |
| 9 | Microsoft Windows Kerberos security vulnerability | CNNVD-202209-923 | CVE-2022-33647 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33647 |
| 10 | Microsoft Windows Kerberos security vulnerability | CNNVD-202209-921 | CVE-2022-33679 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33679 |
| 11 | Microsoft Dynamics security vulnerability | CNNVD-202209-918 | CVE-2022-34700 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34700 |
| 12 | Microsoft Windows security vulnerability | CNNVD-202209-916 | CVE-2022-34719 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34719 |
| 13 | Microsoft Windows security vulnerability | CNNVD-202209-915 | CVE-2022-34720 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34720 |
| 14 | Microsoft Windows DNS security vulnerability | CNNVD-202209-907 | CVE-2022-34724 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34724 |
| 15 | Microsoft Windows ALPC security vulnerability | CNNVD-202209-905 | CVE-2022-34725 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34725 |
| 16 | Microsoft Windows security vulnerability | CNNVD-202209-901 | CVE-2022-34726 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34726 |
| 17 | Microsoft Windows security vulnerability | CNNVD-202209-893 | CVE-2022-34727 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34727 |
| 18 | Microsoft Graphics Component security vulnerability | CNNVD-202209-880 | CVE-2022-34729 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34729 |
| 19 | Microsoft Windows ODBC Driver security vulnerability | CNNVD-202209-871 | CVE-2022-34730 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34730 |
| 20 | Microsoft Windows OLE security vulnerability | CNNVD-202209-862 | CVE-2022-34731 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34731 |
| 21 | Microsoft Windows security vulnerability | CNNVD-202209-850 | CVE-2022-34732 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34732 |
| 22 | Microsoft Windows security vulnerability | CNNVD-202209-841 | CVE-2022-34733 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34733 |
| 23 | Microsoft Windows ODBC Driver security vulnerability | CNNVD-202209-837 | CVE-2022-34734 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34734 |
| 24 | Microsoft Windows Common Log File System Driver security vulnerability | CNNVD-202209-836 | CVE-2022-35803 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35803 |
| 25 | Microsoft Dynamics security vulnerability | CNNVD-202209-912 | CVE-2022-35805 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35805 |
| 26 | Microsoft SharePoint security vulnerability | CNNVD-202209-808 | CVE-2022-35823 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35823 |
| 27 | Microsoft Defender security vulnerability | CNNVD-202209-910 | CVE-2022-35828 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35828 |
| 28 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202209-834 | CVE-2022-35830 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35830 |
| 29 | Microsoft Windows security vulnerability | CNNVD-202209-830 | CVE-2022-35833 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35833 |
| 30 | Microsoft Windows security vulnerability | CNNVD-202209-829 | CVE-2022-35834 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35834 |
| 31 | Microsoft Windows security vulnerability | CNNVD-202209-828 | CVE-2022-35835 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35835 |
| 32 | Microsoft Windows security vulnerability | CNNVD-202209-827 | CVE-2022-35836 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35836 |
| 33 | Microsoft HTTP.sys security vulnerability | CNNVD-202209-825 | CVE-2022-35838 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35838 |
| 34 | Microsoft Windows security vulnerability | CNNVD-202209-824 | CVE-2022-35840 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35840 |
| 35 | Microsoft Windows security vulnerability | CNNVD-202209-823 | CVE-2022-35841 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35841 |
| 36 | Microsoft Graphics Component security vulnerability | CNNVD-202209-822 | CVE-2022-37954 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37954 |
| 37 | Microsoft Windows security vulnerability | CNNVD-202209-821 | CVE-2022-37955 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37955 |
| 38 | Microsoft Windows Kernel security vulnerability | CNNVD-202209-820 | CVE-2022-37956 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37956 |
| 39 | Microsoft Windows Kernel security vulnerability | CNNVD-202209-819 | CVE-2022-37957 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37957 |
| 40 | Microsoft Windows security vulnerability | CNNVD-202209-818 | CVE-2022-37958 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958 |
| 41 | Microsoft SharePoint security vulnerability | CNNVD-202209-806 | CVE-2022-37961 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37961 |
| 42 | Microsoft Office security vulnerability | CNNVD-202209-805 | CVE-2022-37962 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37962 |
| 43 | Microsoft Office Visio security vulnerability | CNNVD-202209-803 | CVE-2022-37963 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37963 |
| 44 | Microsoft Windows Kernel security vulnerability | CNNVD-202209-816 | CVE-2022-37964 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37964 |
| 45 | Microsoft Windows Common Log File System Driver security vulnerability | CNNVD-202209-812 | CVE-2022-37969 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37969 |
| 46 | Microsoft Windows Fax Service security vulnerability | CNNVD-202209-814 | CVE-2022-38004 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38004 |
| 47 | Microsoft Windows Print Spooler Components security vulnerability | CNNVD-202209-815 | CVE-2022-38005 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38005 |
| 48 | Microsoft Azure security vulnerability | CNNVD-202209-906 | CVE-2022-38007 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38007 |
| 49 | Microsoft SharePoint security vulnerability | CNNVD-202209-807 | CVE-2022-38008 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38008 |
| 50 | Microsoft SharePoint security vulnerability | CNNVD-202209-810 | CVE-2022-38009 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38009 |
| 51 | Microsoft Office Visio security vulnerability | CNNVD-202209-800 | CVE-2022-38010 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38010 |
| 52 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202209-904 | CVE-2022-38011 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38011 |
| 53 | Microsoft .NET Core and Microsoft Visual Studio security vulnerability | CNNVD-202209-835 | CVE-2022-38013 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38013 |
| 54 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202209-903 | CVE-2022-38019 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38019 |
| 55 | Microsoft Visual Studio Code security vulnerability | CNNVD-202209-902 | CVE-2022-38020 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38020 |
| 56 | Microsoft Windows security vulnerability | CNNVD-202209-909 | CVE-2022-34723 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34723 |
| 57 | Microsoft Windows security vulnerability | CNNVD-202209-888 | CVE-2022-34728 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34728 |
| 58 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202209-832 | CVE-2022-35831 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35831 |
| 59 | Microsoft Windows Event Tracing security vulnerability | CNNVD-202209-831 | CVE-2022-35832 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35832 |
| 60 | Microsoft Graphics Component security vulnerability | CNNVD-202209-826 | CVE-2022-35837 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35837 |
| 61 | Microsoft Network Device Enrollment Service (NDES) security vulnerability | CNNVD-202209-817 | CVE-2022-37959 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37959 |
| 62 | Microsoft Graphics Component security vulnerability | CNNVD-202209-809 | CVE-2022-38006 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38006 |

This update also includes a patch for 1 vulnerability from another vendor that affects Microsoft products; it is rated medium.

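| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
|---|---|---|---|---|---|---|
| 1 | Security vulnerability in multiple Arm products | CNNVD-202203-696 | CVE-2022-23960 | Medium | Arm | https://vigilance.fr/vulnerability/ARM-Processor-information-disclosure-via-Branch-Predictor-Selectors-37740 |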

III. Remediation Recommendations

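Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address: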

https://msrc.microsoft.com/update-guide/en-us

CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. If needed, CNNVD can be contacted at: cnnvdvul@itsec.gov.cn

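Statement: This article comes from CNNVD安全动态 (CNNVD Security News); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is reposted to share more information. In case of infringement, please contact anquanneican@163.com.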