近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞88个,影响到微软产品的其他厂商漏洞1个。包括Microsoft Azure Kubernetes 安全漏洞(CNNVD-202210-553、CVE-2022-37968)、Microsoft Exchange Server 安全漏洞(CNNVD-202208-2493、CVE-2022-21980)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2022年10月11日,微软发布了2022年10月份安全更新,共89个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows DHCP Client、Microsoft Windows Kernel、Microsoft Windows Print Spooler Components、Microsoft Word、Microsoft Windows Perception Simulation Service等。CNNVD对其危害等级进行了评价,其中超危漏洞1个,高危漏洞66个,中危漏洞20个,低危漏洞2个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问
https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括83个新增漏洞的补丁程序,其中超危漏洞1个,高危漏洞62个,中危漏洞18个,低危漏洞2个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Azure Kubernetes 安全漏洞 | CNNVD-202210-553 | CVE-2022-37968 | 超危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37968 |
2 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-567 | CVE-2022-22035 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22035 |
3 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-564 | CVE-2022-24504 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24504 |
4 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-563 | CVE-2022-30198 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30198 |
5 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-562 | CVE-2022-33634 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33634 |
6 | Microsoft Graphics Component 安全漏洞 | CNNVD-202210-561 | CVE-2022-33635 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33635 |
7 | Microsoft Windows TCP/IP component 安全漏洞 | CNNVD-202210-566 | CVE-2022-33645 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33645 |
8 | Microsoft Windows CryptoAPI 安全漏洞 | CNNVD-202210-565 | CVE-2022-34689 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34689 |
9 | Microsoft Windows DWM Core Library 安全漏洞 | CNNVD-202210-556 | CVE-2022-37970 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37970 |
10 | Microsoft Windows Defender 安全漏洞 | CNNVD-202210-552 | CVE-2022-37971 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37971 |
11 | Microsoft Windows Local Session Manager (LSM) 安全漏洞 | CNNVD-202210-551 | CVE-2022-37973 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37973 |
12 | Microsoft Windows 安全漏洞 | CNNVD-202210-550 | CVE-2022-37975 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37975 |
13 | Microsoft Windows Active Directory Certificate Services 安全漏洞 | CNNVD-202210-549 | CVE-2022-37976 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37976 |
14 | Microsoft Windows Active Directory Certificate Services 安全漏洞 | CNNVD-202210-546 | CVE-2022-37978 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37978 |
15 | Microsoft Windows Hyper-V 安全漏洞 | CNNVD-202210-544 | CVE-2022-37979 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37979 |
16 | Microsoft Windows DHCP Client 安全漏洞 | CNNVD-202210-543 | CVE-2022-37980 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37980 |
17 | Microsoft DWM Core Library 安全漏洞 | CNNVD-202210-530 | CVE-2022-37983 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37983 |
18 | Microsoft Windows WLAN Service 安全漏洞 | CNNVD-202210-520 | CVE-2022-37984 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37984 |
19 | Microsoft Graphics Component 安全漏洞 | CNNVD-202210-508 | CVE-2022-37986 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37986 |
20 | Microsoft Client Server Run-time Subsystem (CSRSS) 安全漏洞 | CNNVD-202210-496 | CVE-2022-37987 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37987 |
21 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-493 | CVE-2022-37988 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37988 |
22 | Microsoft Client Server Run-time Subsystem (CSRSS) 安全漏洞 | CNNVD-202210-492 | CVE-2022-37989 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37989 |
23 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-491 | CVE-2022-37990 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37990 |
24 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-490 | CVE-2022-37991 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37991 |
25 | Microsoft Windows Group Policy Preference Client 安全漏洞 | CNNVD-202210-489 | CVE-2022-37993 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37993 |
26 | Microsoft Windows Group Policy Preference Client 安全漏洞 | CNNVD-202210-486 | CVE-2022-37994 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37994 |
27 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-487 | CVE-2022-37995 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37995 |
28 | Microsoft Graphics Component 安全漏洞 | CNNVD-202210-482 | CVE-2022-37997 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37997 |
29 | Microsoft Windows Local Session Manager (LSM) 安全漏洞 | CNNVD-202210-481 | CVE-2022-37998 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37998 |
30 | Microsoft Windows Group Policy Preference Client 安全漏洞 | CNNVD-202210-478 | CVE-2022-37999 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37999 |
31 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-477 | CVE-2022-38000 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38000 |
32 | Microsoft Windows Resilient File System (ReFS) 安全漏洞 | CNNVD-202210-475 | CVE-2022-38003 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38003 |
33 | Microsoft Windows Local Security Authority (LSA) 安全漏洞 | CNNVD-202210-476 | CVE-2022-38016 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38016 |
34 | Microsoft Windows Connected User Experiences and Telemetry 安全漏洞 | CNNVD-202210-470 | CVE-2022-38021 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38021 |
35 | Microsoft Windows Storage 安全漏洞 | CNNVD-202210-463 | CVE-2022-38027 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38027 |
36 | Microsoft Windows Print Spooler Components 安全漏洞 | CNNVD-202210-456 | CVE-2022-38028 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38028 |
37 | Microsoft Windows ALPC 安全漏洞 | CNNVD-202210-453 | CVE-2022-38029 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38029 |
38 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202210-455 | CVE-2022-38031 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38031 |
39 | Microsoft Windows Internet Key Exchange (IKE) Protocol 安全漏洞 | CNNVD-202210-443 | CVE-2022-38036 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38036 |
40 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-442 | CVE-2022-38037 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38037 |
41 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-445 | CVE-2022-38038 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38038 |
42 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-435 | CVE-2022-38039 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38039 |
43 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202210-600 | CVE-2022-38040 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38040 |
44 | Microsoft Windows Secure Channel 安全漏洞 | CNNVD-202210-599 | CVE-2022-38041 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38041 |
45 | Microsoft Windows Active Directory 安全漏洞 | CNNVD-202210-594 | CVE-2022-38042 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38042 |
46 | Microsoft Windows CD-ROM Driver 安全漏洞 | CNNVD-202210-432 | CVE-2022-38044 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38044 |
47 | Microsoft Windows 安全漏洞 | CNNVD-202210-426 | CVE-2022-38045 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38045 |
48 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-428 | CVE-2022-38047 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38047 |
49 | Microsoft Office 安全漏洞 | CNNVD-202210-406 | CVE-2022-38048 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38048 |
50 | Microsoft Office 安全漏洞 | CNNVD-202210-405 | CVE-2022-38049 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38049 |
51 | Microsoft Windows Win32K 安全漏洞 | CNNVD-202210-423 | CVE-2022-38050 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38050 |
52 | Microsoft Graphics Component 安全漏洞 | CNNVD-202210-429 | CVE-2022-38051 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38051 |
53 | Microsoft SharePoint 安全漏洞 | CNNVD-202210-417 | CVE-2022-38053 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38053 |
54 | Microsoft Word 安全漏洞 | CNNVD-202210-404 | CVE-2022-41031 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41031 |
55 | Microsoft Visual Studio 安全漏洞 | CNNVD-202210-541 | CVE-2022-41032 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032 |
56 | Microsoft Windows 安全漏洞 | CNNVD-202210-419 | CVE-2022-41033 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41033 |
57 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202210-538 | CVE-2022-41034 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41034 |
58 | Microsoft SharePoint 安全漏洞 | CNNVD-202210-431 | CVE-2022-41036 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41036 |
59 | Microsoft SharePoint 安全漏洞 | CNNVD-202210-416 | CVE-2022-41037 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41037 |
60 | Microsoft SharePoint 安全漏洞 | CNNVD-202210-411 | CVE-2022-41038 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41038 |
61 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202210-540 | CVE-2022-41042 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41042 |
62 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-410 | CVE-2022-41081 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41081 |
63 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202210-539 | CVE-2022-41083 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41083 |
64 | Microsoft Windows NTLM 安全漏洞 | CNNVD-202210-560 | CVE-2022-35770 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35770 |
65 | Microsoft Service Fabric 安全漏洞 | CNNVD-202210-557 | CVE-2022-35829 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829 |
66 | Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞 | CNNVD-202210-554 | CVE-2022-37965 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37965 |
67 | Microsoft Windows Perception Simulation Service 安全漏洞 | CNNVD-202210-555 | CVE-2022-37974 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37974 |
68 | Microsoft Windows Local Security Authority Subsystem Service (LSASS) 安全漏洞 | CNNVD-202210-547 | CVE-2022-37977 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37977 |
69 | Microsoft Windows Event Logging Service 安全漏洞 | CNNVD-202210-542 | CVE-2022-37981 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37981 |
70 | Microsoft Graphics Component 安全漏洞 | CNNVD-202210-521 | CVE-2022-37985 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37985 |
71 | Microsoft Windows NTFS 安全漏洞 | CNNVD-202210-488 | CVE-2022-37996 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37996 |
72 | Microsoft Office 安全漏洞 | CNNVD-202210-408 | CVE-2022-38001 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38001 |
73 | Microsoft Azure 安全漏洞 | CNNVD-202210-548 | CVE-2022-38017 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38017 |
74 | Microsoft Windows Distributed File System (DFS) 安全漏洞 | CNNVD-202210-466 | CVE-2022-38025 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38025 |
75 | Microsoft Windows DHCP Client 安全漏洞 | CNNVD-202210-465 | CVE-2022-38026 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38026 |
76 | Microsoft Windows USB Serial Driver 安全漏洞 | CNNVD-202210-454 | CVE-2022-38030 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38030 |
77 | Microsoft Windows Portable Device Enumerator Service 安全漏洞 | CNNVD-202210-458 | CVE-2022-38032 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38032 |
78 | Microsoft Windows Server Remotely Accessible Registry Keys 安全漏洞 | CNNVD-202210-444 | CVE-2022-38033 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38033 |
79 | Microsoft Windows Workstation Service 安全漏洞 | CNNVD-202210-447 | CVE-2022-38034 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38034 |
80 | Microsoft Windows Security Support Provider Interface 安全漏洞 | CNNVD-202210-595 | CVE-2022-38043 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38043 |
81 | Microsoft Windows 安全漏洞 | CNNVD-202210-427 | CVE-2022-38046 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38046 |
82 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202210-469 | CVE-2022-38022 | 低危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38022 |
83 | Microsoft Office 安全漏洞 | CNNVD-202210-403 | CVE-2022-41043 | 低危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41043 |
此次更新共包括5个更新漏洞的补丁程序,其中高危漏洞3个,中危漏洞2个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Exchange Server 安全漏洞 | CNNVD-202208-2489 | CVE-2022-30134 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30134 |
2 | Microsoft Exchange Server 安全漏洞 | CNNVD-202208-2490 | CVE-2022-24477 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24477 |
3 | Microsoft Exchange Server 安全漏洞 | CNNVD-202208-2491 | CVE-2022-24516 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24516 |
4 | Microsoft Exchange Server 安全漏洞 | CNNVD-202208-2493 | CVE-2022-21980 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21980 |
5 | Microsoft Exchange Server 安全漏洞 | CNNVD-202208-2494 | CVE-2022-21979 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21979 |
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202210-537 | CVE-2022-37982 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37982 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
