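Microsoft recently published advisories for multiple security vulnerabilities: 56 vulnerabilities in Microsoft's own products and 0 vulnerabilities in other vendors' products that affect Microsoft products. They include the Microsoft Graphics Component security vulnerability (CNNVD-202212-3145, CVE-2022-26804), the Microsoft Graphics Component security vulnerability (CNNVD-202212-3123, CVE-2022-26805), and others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.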

I. Vulnerability Overview

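On December 13, 2022, Microsoft released its December 2022 security update, with patches for 56 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers Microsoft Windows and Windows components, Microsoft Windows Fax Compose Form, Microsoft Windows Hyper-V, Microsoft Windows Print Spooler Components, Microsoft Windows DirectX, Microsoft Windows Error Reporting, and others. CNNVD has rated their severity: 45 are high severity, 10 are medium severity, and 1 is low severity. Multiple Microsoft products and system versions are affected; the specific scope of impact can be looked up at https://portal.msrc.microsoft.com/zh-cn/security-guidance.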

II. Vulnerability Details

This update includes patches for 48 newly added vulnerabilities, of which 40 are high severity and 8 are medium severity.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3145 | CVE-2022-26804 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26804 |
| 2 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3123 | CVE-2022-26805 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26805 |
| 3 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3122 | CVE-2022-26806 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26806 |
| 4 | Microsoft Windows PowerShell security vulnerability | CNNVD-202212-3016 | CVE-2022-41076 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41076 |
| 5 | Microsoft Windows Fax Compose Form security vulnerability | CNNVD-202212-3014 | CVE-2022-41077 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41077 |
| 6 | Microsoft .NET Framework security vulnerability | CNNVD-202212-2976 | CVE-2022-41089 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089 |
| 7 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202212-3013 | CVE-2022-41094 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41094 |
| 8 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3012 | CVE-2022-41121 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121 |
| 9 | Microsoft Dynamics security vulnerability | CNNVD-202212-3159 | CVE-2022-41127 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127 |
| 10 | Microsoft Windows Contacts security vulnerability | CNNVD-202212-3011 | CVE-2022-44666 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44666 |
| 11 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202212-3009 | CVE-2022-44667 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44667 |
| 12 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202212-3010 | CVE-2022-44668 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44668 |
| 13 | Microsoft Windows Error Reporting security vulnerability | CNNVD-202212-3007 | CVE-2022-44669 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44669 |
| 14 | Microsoft Windows Secure Socket Tunneling Protocol security vulnerability | CNNVD-202212-3006 | CVE-2022-44670 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44670 |
| 15 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3004 | CVE-2022-44671 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44671 |
| 16 | Microsoft Client Server Run-time Subsystem (CSRSS) security vulnerability | CNNVD-202212-3003 | CVE-2022-44673 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44673 |
| 17 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202212-3001 | CVE-2022-44675 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44675 |
| 18 | Microsoft Windows Secure Socket Tunneling Protocol security vulnerability | CNNVD-202212-2999 | CVE-2022-44676 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44676 |
| 19 | Microsoft Projected File System security vulnerability | CNNVD-202212-2996 | CVE-2022-44677 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44677 |
| 20 | Microsoft Windows Print Spooler Components security vulnerability | CNNVD-202212-2992 | CVE-2022-44678 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44678 |
| 21 | Microsoft Graphics Component security vulnerability | CNNVD-202212-2991 | CVE-2022-44680 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44680 |
| 22 | Microsoft Windows Print Spooler Components security vulnerability | CNNVD-202212-2993 | CVE-2022-44681 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44681 |
| 23 | Microsoft Windows Kernel security vulnerability | CNNVD-202212-2981 | CVE-2022-44683 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44683 |
| 24 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202212-3152 | CVE-2022-44687 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44687 |
| 25 | Microsoft Windows Subsystem for Linux security vulnerability | CNNVD-202212-2980 | CVE-2022-44689 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44689 |
| 26 | Microsoft SharePoint security vulnerability | CNNVD-202212-3018 | CVE-2022-44690 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44690 |
| 27 | Microsoft Office security vulnerability | CNNVD-202212-3121 | CVE-2022-44691 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44691 |
| 28 | Microsoft Office security vulnerability | CNNVD-202212-3098 | CVE-2022-44692 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44692 |
| 29 | Microsoft SharePoint security vulnerability | CNNVD-202212-3017 | CVE-2022-44693 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44693 |
| 30 | Microsoft Office Visio security vulnerability | CNNVD-202212-3084 | CVE-2022-44694 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44694 |
| 31 | Microsoft Office Visio security vulnerability | CNNVD-202212-3070 | CVE-2022-44695 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44695 |
| 32 | Microsoft Office Visio security vulnerability | CNNVD-202212-3057 | CVE-2022-44696 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44696 |
| 33 | Microsoft Graphics Component security vulnerability | CNNVD-202212-2979 | CVE-2022-44697 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44697 |
| 34 | Microsoft Windows Terminal security vulnerability | CNNVD-202212-3149 | CVE-2022-44702 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44702 |
| 35 | Microsoft SysInternals security vulnerability | CNNVD-202212-3148 | CVE-2022-44704 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44704 |
| 36 | Microsoft Windows DirectX security vulnerability | CNNVD-202212-2978 | CVE-2022-44710 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44710 |
| 37 | Microsoft Outlook security vulnerability | CNNVD-202212-3053 | CVE-2022-44713 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44713 |
| 38 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3050 | CVE-2022-47211 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47211 |
| 39 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3046 | CVE-2022-47212 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47212 |
| 40 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3044 | CVE-2022-47213 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47213 |
| 41 | Microsoft Outlook security vulnerability | CNNVD-202212-3157 | CVE-2022-24480 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24480 |
| 42 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3015 | CVE-2022-41074 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41074 |
| 43 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202212-3002 | CVE-2022-44674 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44674 |
| 44 | Microsoft Graphics Component security vulnerability | CNNVD-202212-2997 | CVE-2022-44679 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44679 |
| 45 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202212-2983 | CVE-2022-44682 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44682 |
| 46 | Microsoft Windows SmartScreen security vulnerability | CNNVD-202212-2977 | CVE-2022-44698 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44698 |
| 47 | Microsoft Azure security vulnerability | CNNVD-202212-3150 | CVE-2022-44699 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44699 |
| 48 | Microsoft Windows Kernel security vulnerability | CNNVD-202212-2975 | CVE-2022-44707 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44707 |

This update includes patches for 8 updated vulnerabilities, of which 5 are high severity, 2 are medium severity, and 1 is low severity.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Microsoft SPNEGO Extended Negotiation security vulnerability | CNNVD-202209-818 | CVE-2022-37958 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958 |
| 2 | Microsoft Windows Kerberos security vulnerability | CNNVD-202211-2288 | CVE-2022-37967 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
| 3 | Microsoft Windows Active Directory security vulnerability | CNNVD-202210-594 | CVE-2022-38042 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38042 |
| 4 | Microsoft Exchange Server security vulnerability | CNNVD-202211-2394 | CVE-2022-41078 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078 |
| 5 | Microsoft Exchange Server security vulnerability | CNNVD-202211-2380 | CVE-2022-41079 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079 |
| 6 | Microsoft Windows Defender security vulnerability | CNNVD-202208-2556 | CVE-2022-34704 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704 |
| 7 | Microsoft Windows Portable Device Enumerator Service security vulnerability | CNNVD-202210-458 | CVE-2022-38032 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38032 |
| 8 | Microsoft Office security vulnerability | CNNVD-202210-403 | CVE-2022-41043 | Low | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41043 |

III. Remediation Recommendations

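Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address: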

https://msrc.microsoft.com/update-guide/en-us

CNNVD will continue to track these vulnerabilities and publish related information promptly. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn

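Statement: This article comes from CNNVD安全动态 (CNNVD Security Updates); copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参; it is reposted to share more information. In case of infringement, contact anquanneican@163.com.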