近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞74个,影响到微软产品的其他厂商漏洞1个。包括Microsoft Exchange Server 安全漏洞(CNNVD-202308-737、CVE-2023-21709)、Microsoft Message Queuing 安全漏洞(CNNVD-202308-734、CVE-2023-35385)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年8月8日,微软发布了2023年8月份安全更新,共75个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Dynamics 365、Microsoft Windows Mobile Device Management、Microsoft Windows HTML Platform、Microsoft Windows Cryptographic Services、Microsoft Azure等。CNNVD对其危害等级进行了评价,其中超危漏洞4个,高危漏洞48个,中危漏洞23个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括73个新增漏洞的补丁程序,其中超危漏洞4个,高危漏洞47个,中危漏洞22个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-737 | CVE-2023-21709 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 |
2 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-734 | CVE-2023-35385 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35385 |
3 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-693 | CVE-2023-36910 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36910 |
4 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-691 | CVE-2023-36911 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36911 |
5 | Microsoft Teams 安全漏洞 | CNNVD-202308-678 | CVE-2023-29328 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29328 |
6 | Microsoft Teams 安全漏洞 | CNNVD-202308-679 | CVE-2023-29330 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29330 |
7 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202308-682 | CVE-2023-35359 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35359 |
8 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-683 | CVE-2023-35368 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368 |
9 | Microsoft Office 安全漏洞 | CNNVD-202308-744 | CVE-2023-35371 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35371 |
10 | Microsoft Office Visio 安全漏洞 | CNNVD-202308-747 | CVE-2023-35372 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35372 |
11 | Microsoft Projected File System 安全漏洞 | CNNVD-202308-719 | CVE-2023-35378 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35378 |
12 | Microsoft Windows 安全漏洞 | CNNVD-202308-718 | CVE-2023-35379 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35379 |
13 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202308-720 | CVE-2023-35380 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35380 |
14 | Microsoft Windows Fax Service 安全漏洞 | CNNVD-202308-721 | CVE-2023-35381 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35381 |
15 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202308-722 | CVE-2023-35382 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35382 |
16 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-724 | CVE-2023-35383 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35383 |
17 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202308-739 | CVE-2023-35386 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35386 |
18 | Microsoft Windows Bluetooth A2DP driver 安全漏洞 | CNNVD-202308-743 | CVE-2023-35387 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35387 |
19 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-750 | CVE-2023-35388 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388 |
20 | Microsoft .NET和Visual Studio 安全漏洞 | CNNVD-202308-749 | CVE-2023-35390 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390 |
21 | Microsoft ASP.NET Core和Visual Studio 安全漏洞 | CNNVD-202308-660 | CVE-2023-35391 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35391 |
22 | Microsoft Office Visio 安全漏洞 | CNNVD-202308-685 | CVE-2023-36865 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36865 |
23 | Microsoft Office Visio 安全漏洞 | CNNVD-202308-687 | CVE-2023-36866 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36866 |
24 | Microsoft .NET Framework 安全漏洞 | CNNVD-202308-659 | CVE-2023-36873 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873 |
25 | Microsoft Reliability Analysis Metrics Calculation Engine 安全漏洞 | CNNVD-202308-692 | CVE-2023-36876 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876 |
26 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202308-694 | CVE-2023-36882 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36882 |
27 | Microsoft SharePoint 安全漏洞 | CNNVD-202308-710 | CVE-2023-36891 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891 |
28 | Microsoft SharePoint 安全漏洞 | CNNVD-202308-714 | CVE-2023-36892 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892 |
29 | Microsoft Outlook 安全漏洞 | CNNVD-202308-713 | CVE-2023-36895 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36895 |
30 | Microsoft Excel 安全漏洞 | CNNVD-202308-707 | CVE-2023-36896 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36896 |
31 | Microsoft Visual Studio 安全漏洞 | CNNVD-202308-706 | CVE-2023-36897 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36897 |
32 | Microsoft Tablet Windows User Interface 安全漏洞 | CNNVD-202308-702 | CVE-2023-36898 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898 |
33 | Microsoft ASP.NET Core 安全漏洞 | CNNVD-202308-658 | CVE-2023-36899 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899 |
34 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202308-705 | CVE-2023-36900 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36900 |
35 | Microsoft Windows System Assessment Tool 安全漏洞 | CNNVD-202308-703 | CVE-2023-36903 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36903 |
36 | Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 | CNNVD-202308-704 | CVE-2023-36904 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36904 |
37 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-690 | CVE-2023-36912 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36912 |
38 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202308-684 | CVE-2023-38154 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38154 |
39 | Microsoft Dynamics Business Central 安全漏洞 | CNNVD-202308-681 | CVE-2023-38167 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167 |
40 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202308-701 | CVE-2023-38169 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 |
41 | Microsoft HEVC Video Extensions 安全漏洞 | CNNVD-202308-676 | CVE-2023-38170 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38170 |
42 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-677 | CVE-2023-38172 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38172 |
43 | Microsoft Windows Defender 安全漏洞 | CNNVD-202308-675 | CVE-2023-38175 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175 |
44 | Microsoft Azure Arc 安全漏洞 | CNNVD-202308-674 | CVE-2023-38176 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38176 |
45 | Microsoft .NET Core和Visual Studio 安全漏洞 | CNNVD-202308-673 | CVE-2023-38178 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38178 |
46 | Microsoft .NET和Visual Studio 安全漏洞 | CNNVD-202308-657 | CVE-2023-38180 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180 |
47 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-672 | CVE-2023-38181 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181 |
48 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-671 | CVE-2023-38182 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182 |
49 | Microsoft Lightweight Directory Access Protocol 安全漏洞 | CNNVD-202308-670 | CVE-2023-38184 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38184 |
50 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-669 | CVE-2023-38185 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185 |
51 | Microsoft Windows Mobile Device Management 安全漏洞 | CNNVD-202308-668 | CVE-2023-38186 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38186 |
52 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-711 | CVE-2023-35376 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35376 |
53 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-716 | CVE-2023-35377 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35377 |
54 | Microsoft Windows HTML Platform 安全漏洞 | CNNVD-202308-725 | CVE-2023-35384 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35384 |
55 | Microsoft Dynamics 365 安全漏洞 | CNNVD-202308-746 | CVE-2023-35389 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35389 |
56 | Microsoft Azure 安全漏洞 | CNNVD-202308-748 | CVE-2023-35393 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35393 |
57 | Microsoft Azure 安全漏洞 | CNNVD-202308-745 | CVE-2023-35394 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35394 |
58 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202308-689 | CVE-2023-36869 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869 |
59 | Microsoft Azure 安全漏洞 | CNNVD-202308-717 | CVE-2023-36877 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36877 |
60 | Microsoft Azure 安全漏洞 | CNNVD-202308-715 | CVE-2023-36881 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36881 |
61 | Microsoft Windows Group Policy 安全漏洞 | CNNVD-202308-697 | CVE-2023-36889 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36889 |
62 | Microsoft SharePoint 安全漏洞 | CNNVD-202308-712 | CVE-2023-36890 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890 |
63 | Microsoft Outlook 安全漏洞 | CNNVD-202308-709 | CVE-2023-36893 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36893 |
64 | Microsoft SharePoint 安全漏洞 | CNNVD-202308-708 | CVE-2023-36894 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894 |
65 | Microsoft Windows Wireless Networking 安全漏洞 | CNNVD-202308-700 | CVE-2023-36905 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36905 |
66 | Microsoft Windows Cryptographic Services 安全漏洞 | CNNVD-202308-699 | CVE-2023-36906 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36906 |
67 | Microsoft Windows Cryptographic Services 安全漏洞 | CNNVD-202308-698 | CVE-2023-36907 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36907 |
68 | Microsoft Hyper-V 安全漏洞 | CNNVD-202308-696 | CVE-2023-36908 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36908 |
69 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-695 | CVE-2023-36909 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36909 |
70 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-688 | CVE-2023-36913 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36913 |
71 | Microsoft Windows Windows Smart Card Resource Management Server 安全漏洞 | CNNVD-202308-686 | CVE-2023-36914 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36914 |
72 | Microsoft Azure 安全漏洞 | CNNVD-202308-667 | CVE-2023-38188 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38188 |
73 | Microsoft Message Queuing 安全漏洞 | CNNVD-202308-666 | CVE-2023-38254 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38254 |
此次更新共包括1个更新漏洞的补丁程序,其中高危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Office 安全漏洞 | CNNVD-202307-797 | CVE-2023-36884 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884 |
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | AMD CPUs 安全漏洞 | CNNVD-202308-733 | CVE-2023-20569 | 中危 | AMD | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-20569 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
