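Recently, Microsoft released advisories for multiple security vulnerabilities: 77 vulnerabilities in Microsoft's own products and 9 vulnerabilities from other vendors that affect Microsoft products. They include the Microsoft Windows Remote Procedure Call security vulnerability (CNNVD-202303-1051, CVE-2023-21708) and the Microsoft Windows HTTP Protocol Stack security vulnerability (CNNVD-202303-1026, CVE-2023-23392), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible.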

I. Vulnerability Overview

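On March 14, 2023, Microsoft released its March 2023 security updates, with patches for 86 vulnerabilities in total, all of which CNNVD has catalogued. This update mainly covers Microsoft Windows and Windows components, Microsoft PostScript Printer Driver, Microsoft Windows HTTP Protocol Stack, Microsoft Graphics Component, Microsoft Windows Hyper-V, Microsoft Windows Point-to-Point Tunneling Protocol, and others. CNNVD rated their severity: 4 critical, 48 high, 32 medium and 1 low. Multiple Microsoft product and system versions are affected; the specific scope of impact can be looked up on Microsoft's official website: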

https://portal.msrc.microsoft.com/zh-cn/security-guidance

II. Vulnerability Details

This update includes patches for 74 newly added vulnerabilities: 4 critical, 42 high, 27 medium and 1 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Windows Remote Procedure Call security vulnerability | CNNVD-202303-1051 | CVE-2023-21708 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21708 |
| 2 | Microsoft Windows HTTP Protocol Stack security vulnerability | CNNVD-202303-1026 | CVE-2023-23392 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23392 |
| 3 | Microsoft Outlook security vulnerability | CNNVD-202303-1036 | CVE-2023-23397 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 |
| 4 | Microsoft Internet Control Message Protocol security vulnerability | CNNVD-202303-1075 | CVE-2023-23415 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 |
| 5 | Microsoft Service Fabric security vulnerability | CNNVD-202303-1016 | CVE-2023-23383 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
| 6 | Microsoft Windows Point-to-Point Protocol over Ethernet security vulnerability | CNNVD-202303-1017 | CVE-2023-23385 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23385 |
| 7 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202303-1019 | CVE-2023-23388 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23388 |
| 8 | Microsoft Windows BrokerInfrastructure security vulnerability | CNNVD-202303-1032 | CVE-2023-23393 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23393 |
| 9 | Microsoft Excel security vulnerability | CNNVD-202303-1038 | CVE-2023-23398 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
| 10 | Microsoft Excel security vulnerability | CNNVD-202303-1039 | CVE-2023-23399 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399 |
| 11 | Microsoft DNS Server security vulnerability | CNNVD-202303-1054 | CVE-2023-23400 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23400 |
| 12 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202303-1056 | CVE-2023-23401 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23401 |
| 13 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202303-1057 | CVE-2023-23402 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23402 |
| 14 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1040 | CVE-2023-23403 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23403 |
| 15 | Microsoft Windows Point-to-Point Tunneling Protocol security vulnerability | CNNVD-202303-1058 | CVE-2023-23404 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23404 |
| 16 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202303-1060 | CVE-2023-23405 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23405 |
| 17 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1062 | CVE-2023-23406 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23406 |
| 18 | Microsoft Windows Point-to-Point Protocol over Ethernet security vulnerability | CNNVD-202303-1064 | CVE-2023-23407 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23407 |
| 19 | Microsoft HTTP.sys security vulnerability | CNNVD-202303-1072 | CVE-2023-23410 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410 |
| 20 | Microsoft Windows Accounts Control security vulnerability | CNNVD-202303-1087 | CVE-2023-23412 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23412 |
| 21 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1076 | CVE-2023-23413 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23413 |
| 22 | Microsoft Windows Point-to-Point Protocol over Ethernet security vulnerability | CNNVD-202303-1077 | CVE-2023-23414 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23414 |
| 23 | Microsoft Windows Cryptographic Services security vulnerability | CNNVD-202303-1079 | CVE-2023-23416 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416 |
| 24 | Microsoft Windows Partition Management Driver security vulnerability | CNNVD-202303-1073 | CVE-2023-23417 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23417 |
| 25 | Microsoft Windows Resilient File System (ReFS) security vulnerability | CNNVD-202303-1070 | CVE-2023-23418 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23418 |
| 26 | Microsoft Windows Resilient File System (ReFS) security vulnerability | CNNVD-202303-1068 | CVE-2023-23419 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23419 |
| 27 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1065 | CVE-2023-23420 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23420 |
| 28 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1063 | CVE-2023-23421 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23421 |
| 29 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1061 | CVE-2023-23422 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23422 |
| 30 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1059 | CVE-2023-23423 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23423 |
| 31 | Microsoft Windows Internet Key Exchange (IKE) Protocol security vulnerability | CNNVD-202303-1071 | CVE-2023-24859 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24859 |
| 32 | Microsoft Windows Win32K security vulnerability | CNNVD-202303-1052 | CVE-2023-24861 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24861 |
| 33 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1066 | CVE-2023-24864 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24864 |
| 34 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1046 | CVE-2023-24867 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24867 |
| 35 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1045 | CVE-2023-24868 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24868 |
| 36 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202303-1042 | CVE-2023-24869 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24869 |
| 37 | Microsoft Windows Bluetooth Service security vulnerability | CNNVD-202303-1041 | CVE-2023-24871 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24871 |
| 38 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1037 | CVE-2023-24872 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24872 |
| 39 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1035 | CVE-2023-24876 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24876 |
| 40 | Microsoft Edge security vulnerability | CNNVD-202303-1024 | CVE-2023-24892 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24892 |
| 41 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1018 | CVE-2023-24907 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24907 |
| 42 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202303-1015 | CVE-2023-24908 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24908 |
| 43 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1013 | CVE-2023-24909 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24909 |
| 44 | Microsoft Graphics Component security vulnerability | CNNVD-202303-1014 | CVE-2023-24910 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910 |
| 45 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1010 | CVE-2023-24913 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24913 |
| 46 | Microsoft OneDrive security vulnerability | CNNVD-202303-1001 | CVE-2023-24930 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24930 |
| 47 | Microsoft Defender security vulnerability | CNNVD-202303-1021 | CVE-2023-23389 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23389 |
| 48 | Microsoft Office for Android security vulnerability | CNNVD-202303-1023 | CVE-2023-23391 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391 |
| 49 | Microsoft Client Server Run-time Subsystem (CSRSS) security vulnerability | CNNVD-202303-1029 | CVE-2023-23394 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23394 |
| 50 | Microsoft Excel security vulnerability | CNNVD-202303-1033 | CVE-2023-23396 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
| 51 | Microsoft Azure Apache Ambari security vulnerability | CNNVD-202303-1067 | CVE-2023-23408 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23408 |
| 52 | Microsoft Client Server Run-time Subsystem (CSRSS) security vulnerability | CNNVD-202303-1069 | CVE-2023-23409 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23409 |
| 53 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202303-1074 | CVE-2023-23411 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23411 |
| 54 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1044 | CVE-2023-24856 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24856 |
| 55 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1055 | CVE-2023-24857 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24857 |
| 56 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1053 | CVE-2023-24858 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24858 |
| 57 | Microsoft Windows Secure Channel security vulnerability | CNNVD-202303-1050 | CVE-2023-24862 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24862 |
| 58 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1049 | CVE-2023-24863 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24863 |
| 59 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1048 | CVE-2023-24865 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24865 |
| 60 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1047 | CVE-2023-24866 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24866 |
| 61 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1043 | CVE-2023-24870 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24870 |
| 62 | Microsoft Dynamics security vulnerability | CNNVD-202303-1031 | CVE-2023-24879 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24879 |
| 63 | Microsoft Defender SmartScreen security vulnerability | CNNVD-202303-1034 | CVE-2023-24880 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880 |
| 64 | Microsoft OneDrive security vulnerability | CNNVD-202303-1028 | CVE-2023-24882 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24882 |
| 65 | Microsoft OneDrive security vulnerability | CNNVD-202303-1027 | CVE-2023-24890 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24890 |
| 66 | Microsoft Dynamics security vulnerability | CNNVD-202303-1025 | CVE-2023-24891 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24891 |
| 67 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1020 | CVE-2023-24906 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24906 |
| 68 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1011 | CVE-2023-24911 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24911 |
| 69 | Microsoft Dynamics security vulnerability | CNNVD-202303-1008 | CVE-2023-24919 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24919 |
| 70 | Microsoft Dynamics security vulnerability | CNNVD-202303-1007 | CVE-2023-24920 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24920 |
| 71 | Microsoft Dynamics security vulnerability | CNNVD-202303-1006 | CVE-2023-24921 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24921 |
| 72 | Microsoft Dynamics security vulnerability | CNNVD-202303-1005 | CVE-2023-24922 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24922 |
| 73 | Microsoft OneDrive security vulnerability | CNNVD-202303-1004 | CVE-2023-24923 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24923 |
| 74 | Microsoft SharePoint security vulnerability | CNNVD-202303-1030 | CVE-2023-23395 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395 |

This update includes patches for 3 updated vulnerabilities: 2 high and 1 medium.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Hyper-V security vulnerability | CNNVD-202204-3177 | CVE-2022-23257 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23257 |
| 2 | Microsoft Dynamics security vulnerability | CNNVD-202212-3159 | CVE-2022-41127 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127 |
| 3 | Windows DCOM Server security feature issue vulnerability | CNNVD-202106-546 | CVE-2021-26414 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 |

This update includes patches for 9 vulnerabilities from other vendors that affect Microsoft products: 4 high, 4 medium and 1 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | TCG TPM buffer error vulnerability | CNNVD-202302-2422 | CVE-2023-1017 | High | TCG | https://trustedcomputinggroup.org/resource/errata-for-tpm-library-specification-2-0/ |
| 2 | Git code issue vulnerability | CNNVD-202302-1069 | CVE-2023-22743 | High | Git | https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq |
| 3 | Git code issue vulnerability | CNNVD-202302-1071 | CVE-2023-23618 | High | Git | https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c |
| 4 | Git path traversal vulnerability | CNNVD-202302-1164 | CVE-2023-23946 | High | Git | https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd |
| 5 | Multiple AMD processors security vulnerability | CNNVD-202207-891 | CVE-2022-23825 | Medium | AMD | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |
| 6 | curl resource management error vulnerability | CNNVD-202212-3687 | CVE-2022-43552 | Medium | Individual developer | https://curl.se/docs/CVE-2022-43552.html |
| 7 | TCG TPM buffer error vulnerability | CNNVD-202302-2314 | CVE-2023-1018 | Medium | TCG | https://trustedcomputinggroup.org/resource/errata-for-tpm-library-specification-2-0/ |
| 8 | Git link following vulnerability | CNNVD-202302-1136 | CVE-2023-22490 | Medium | Individual developer | https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd |
| 9 | AMD CPU security vulnerability | CNNVD-202207-892 | CVE-2022-23816 | Low | AMD | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |

III. Remediation Recommendations

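Microsoft has released patches that fix the above vulnerabilities. Users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address: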

https://msrc.microsoft.com/update-guide/en-us

CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn

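Statement: This article comes from CNNVD安全动态 (CNNVD security updates); copyright belongs to the author. The content represents only the author's independent views and not the position of 安全内参; it is reproduced in order to pass on more information. In case of infringement, contact anquanneican@163.com.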