近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞174个,影响到微软产品的其他厂商漏洞21个。包括Microsoft Message Queuing 安全漏洞(CNNVD-202310-723、CVE-2023-35349)、Microsoft Windows IIS 安全漏洞(CNNVD-202310-801、CVE-2023-36434)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、 漏洞介绍

2023年10月10日,微软发布了2023年10月份安全更新,共195个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Client/Server Runtime Subsystem、Microsoft Windows HTML Platform、Microsoft Windows Error Reporting、Microsoft Windows Power Management Service、Microsoft Common Data Model SDK等。CNNVD对其危害等级进行了评价,其中超危漏洞7个,高危漏洞139个,中危漏洞48个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:

https://portal.msrc.microsoft.com/zh-cn/security-guidance

二、漏洞详情

此次更新共包括103个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞81个,中危漏洞19个,低危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Message Queuing 安全漏洞

CNNVD-202310-723

CVE-2023-35349

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349

2

Microsoft Windows IIS 安全漏洞

CNNVD-202310-801

CVE-2023-36434

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434

3

Microsoft Azure SDK 安全漏洞

CNNVD-202310-788

CVE-2023-36414

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414

4

Microsoft Azure SDK 安全漏洞

CNNVD-202310-791

CVE-2023-36415

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415

5

Microsoft ODBC Driver 安全漏洞

CNNVD-202310-795

CVE-2023-36417

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417

6

Microsoft Azure Real Time Operating System 安全漏洞

CNNVD-202310-796

CVE-2023-36418

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36418

7

Microsoft Azure 安全漏洞

CNNVD-202310-794

CVE-2023-36419

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36419

8

Microsoft ODBC Driver 安全漏洞

CNNVD-202310-799

CVE-2023-36420

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420

9

Microsoft Message Queuing 安全漏洞

CNNVD-202310-802

CVE-2023-36431

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431

10

Microsoft QUIC 安全漏洞

CNNVD-202310-806

CVE-2023-36435

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435

11

Microsoft Windows HTML Platform 安全漏洞

CNNVD-202310-808

CVE-2023-36436

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436

12

Microsoft Windows TCP/IP 安全漏洞

CNNVD-202310-805

CVE-2023-36438

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438

13

Microsoft Windows HTML Platform 安全漏洞

CNNVD-202310-811

CVE-2023-36557

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557

14

Microsoft Azure DevOps Server 安全漏洞

CNNVD-202310-810

CVE-2023-36561

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561

15

Microsoft Office 安全漏洞

CNNVD-202310-813

CVE-2023-36565

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565

16

Microsoft Windows Deployment Services 安全漏洞

CNNVD-202310-819

CVE-2023-36567

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567

17

Microsoft Office 安全漏洞

CNNVD-202310-818

CVE-2023-36568

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568

18

Microsoft Office 安全漏洞

CNNVD-202310-821

CVE-2023-36569

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569

19

Microsoft Message Queuing 安全漏洞

CNNVD-202310-822

CVE-2023-36570

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570

20

Microsoft Message Queuing 安全漏洞

CNNVD-202310-820

CVE-2023-36571

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571

21

Microsoft Message Queuing 安全漏洞

CNNVD-202310-816

CVE-2023-36572

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572

22

Microsoft Message Queuing 安全漏洞

CNNVD-202310-814

CVE-2023-36573

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573

23

Microsoft Message Queuing 安全漏洞

CNNVD-202310-809

CVE-2023-36574

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574

24

Microsoft Message Queuing 安全漏洞

CNNVD-202310-807

CVE-2023-36575

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575

25

Microsoft OLE DB Provider for SQL Server 安全漏洞

CNNVD-202310-800

CVE-2023-36577

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577

26

Microsoft Message Queuing 安全漏洞

CNNVD-202310-797

CVE-2023-36578

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578

27

Microsoft Message Queuing 安全漏洞

CNNVD-202310-792

CVE-2023-36579

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579

28

Microsoft Message Queuing 安全漏洞

CNNVD-202310-789

CVE-2023-36581

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581

29

Microsoft Message Queuing 安全漏洞

CNNVD-202310-786

CVE-2023-36582

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582

30

Microsoft Message Queuing 安全漏洞

CNNVD-202310-785

CVE-2023-36583

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583

31

Microsoft Windows Active Directory 安全漏洞

CNNVD-202310-782

CVE-2023-36585

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585

32

Microsoft Message Queuing 安全漏洞

CNNVD-202310-781

CVE-2023-36589

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589

33

Microsoft Message Queuing 安全漏洞

CNNVD-202310-784

CVE-2023-36590

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590

34

Microsoft Message Queuing 安全漏洞

CNNVD-202310-780

CVE-2023-36591

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591

35

Microsoft Message Queuing 安全漏洞

CNNVD-202310-779

CVE-2023-36592

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592

36

Microsoft Message Queuing 安全漏洞

CNNVD-202310-778

CVE-2023-36593

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593

37

Microsoft Graphics Component 安全漏洞

CNNVD-202310-793

CVE-2023-36594

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594

38

Microsoft ODBC Driver 安全漏洞

CNNVD-202310-774

CVE-2023-36598

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598

39

Microsoft Windows TCP/IP 安全漏洞

CNNVD-202310-776

CVE-2023-36602

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602

40

Microsoft Windows TCP/IP 安全漏洞

CNNVD-202310-772

CVE-2023-36603

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603

41

Microsoft Windows Named Pipe File System 安全漏洞

CNNVD-202310-771

CVE-2023-36605

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605

42

Microsoft Message Queuing 安全漏洞

CNNVD-202310-773

CVE-2023-36606

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606

43

Microsoft Windows Resilient File System (ReFS) 安全漏洞

CNNVD-202310-767

CVE-2023-36701

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701

44

Microsoft Windows DirectMusic 安全漏洞

CNNVD-202310-777

CVE-2023-36702

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702

45

Microsoft Windows DHCP Server 安全漏洞

CNNVD-202310-768

CVE-2023-36703

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703

46

Microsoft Windows Setup Files Cleanup 安全漏洞

CNNVD-202310-766

CVE-2023-36704

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704

47

Microsoft Windows AllJoyn API 安全漏洞

CNNVD-202310-763

CVE-2023-36709

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709

48

Microsoft Windows Media Foundation 安全漏洞

CNNVD-202310-762

CVE-2023-36710

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710

49

Microsoft Windows Runtime C++ Template Library 安全漏洞

CNNVD-202310-761

CVE-2023-36711

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711

50

Microsoft Windows Kernel 安全漏洞

CNNVD-202310-760

CVE-2023-36712

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712

51

Microsoft Windows Virtual Trusted Platform Module 安全漏洞

CNNVD-202310-756

CVE-2023-36718

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718

52

Microsoft Windows Mixed Reality Developer Tools 安全漏洞

CNNVD-202310-755

CVE-2023-36720

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720

53

Microsoft Windows Error Reporting 安全漏洞

CNNVD-202310-754

CVE-2023-36721

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721

54

Microsoft Windows Container Manager Service 安全漏洞

CNNVD-202310-751

CVE-2023-36723

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723

55

Microsoft Windows Kernel 安全漏洞

CNNVD-202310-750

CVE-2023-36725

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725

56

Microsoft Windows IKE Extension 安全漏洞

CNNVD-202310-747

CVE-2023-36726

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726

57

Microsoft Windows Named Pipe File System 安全漏洞

CNNVD-202310-744

CVE-2023-36729

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729

58

Microsoft ODBC Driver 安全漏洞

CNNVD-202310-742

CVE-2023-36730

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730

59

Microsoft Win32K 安全漏洞

CNNVD-202310-740

CVE-2023-36731

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731

60

Microsoft Win32K 安全漏洞

CNNVD-202310-738

CVE-2023-36732

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732

61

Microsoft Azure 安全漏洞

CNNVD-202310-725

CVE-2023-36737

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737

62

Microsoft Win32K 安全漏洞

CNNVD-202310-757

CVE-2023-36743

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743

63

Microsoft Win32K 安全漏洞

CNNVD-202310-749

CVE-2023-36776

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776

64

Microsoft Exchange Server 安全漏洞

CNNVD-202310-748

CVE-2023-36778

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778

65

Microsoft Skype for Business Server 安全漏洞

CNNVD-202310-745

CVE-2023-36780

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780

66

Microsoft ODBC Driver 安全漏洞

CNNVD-202310-743

CVE-2023-36785

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785

67

Microsoft Skype for Business 安全漏洞

CNNVD-202310-741

CVE-2023-36786

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786

68

Microsoft Skype for Business 安全漏洞

CNNVD-202310-739

CVE-2023-36789

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789

69

Microsoft Windows RDP 安全漏洞

CNNVD-202310-737

CVE-2023-36790

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790

70

Microsoft Windows Client/Server Runtime Subsystem 安全漏洞

CNNVD-202310-724

CVE-2023-36902

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902

71

Microsoft Graphics Component 安全漏洞

CNNVD-202310-736

CVE-2023-38159

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159

72

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-735

CVE-2023-38166

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166

73

Microsoft QUIC 安全漏洞

CNNVD-202310-726

CVE-2023-38171

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171

74

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-729

CVE-2023-41765

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765

75

Microsoft Client Server Run-time Subsystem 安全漏洞

CNNVD-202310-733

CVE-2023-41766

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766

76

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-734

CVE-2023-41767

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767

77

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-732

CVE-2023-41768

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768

78

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-731

CVE-2023-41769

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769

79

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-727

CVE-2023-41770

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770

80

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-721

CVE-2023-41771

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771

81

Microsoft Win32K 安全漏洞

CNNVD-202310-722

CVE-2023-41772

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772

82

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-720

CVE-2023-41773

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773

83

Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞

CNNVD-202310-719

CVE-2023-41774

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774

84

Microsoft Windows Remote Desktop Protocol 安全漏洞

CNNVD-202310-787

CVE-2023-29348

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348

85

Microsoft Dynamics 365 安全漏洞

CNNVD-202310-790

CVE-2023-36416

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416

86

Microsoft Dynamics 365 安全漏洞

CNNVD-202310-798

CVE-2023-36429

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429

87

Microsoft Dynamics 365 安全漏洞

CNNVD-202310-803

CVE-2023-36433

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433

88

Microsoft WordPad 安全漏洞

CNNVD-202310-812

CVE-2023-36563

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563

89

Microsoft Windows Search Component 安全漏洞

CNNVD-202310-815

CVE-2023-36564

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564

90

Microsoft Common Data Model SDK 安全漏洞

CNNVD-202310-817

CVE-2023-36566

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566

91

Microsoft Windows Kernel 安全漏洞

CNNVD-202310-804

CVE-2023-36576

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576

92

Microsoft Windows 安全漏洞

CNNVD-202310-783

CVE-2023-36584

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584

93

Microsoft Windows Remote Procedure Call 安全漏洞

CNNVD-202310-775

CVE-2023-36596

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596

94

Microsoft Message Queuing 安全漏洞

CNNVD-202310-770

CVE-2023-36697

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697

95

Microsoft Windows Deployment Services 安全漏洞

CNNVD-202310-765

CVE-2023-36706

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706

96

Microsoft Windows Deployment Services 安全漏洞

CNNVD-202310-764

CVE-2023-36707

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707

97

Microsoft Windows Common Log File System Driver 安全漏洞

CNNVD-202310-759

CVE-2023-36713

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713

98

Microsoft Windows TPM 安全漏洞

CNNVD-202310-758

CVE-2023-36717

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717

99

Microsoft Active Directory Domain Services 安全漏洞

CNNVD-202310-752

CVE-2023-36722

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722

100

Microsoft Windows Power Management Service 安全漏洞

CNNVD-202310-753

CVE-2023-36724

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724

101

Microsoft SQL Server 安全漏洞

CNNVD-202310-746

CVE-2023-36728

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728

102

Microsoft Skype for Business 安全漏洞

CNNVD-202310-728

CVE-2023-41763

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763

103

Microsoft Windows Kernel 安全漏洞

CNNVD-202310-769

CVE-2023-36698

低危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698

此次更新共包括71个更新漏洞的补丁程序,其中超危漏洞5个,高危漏洞48个,中危漏洞18个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Exchange Server 安全漏洞

CNNVD-202308-737

CVE-2023-21709

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709

2

Microsoft Azure Kubernetes 输入验证错误漏洞

CNNVD-202309-793

CVE-2023-29332

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332

3

Microsoft Edge 安全漏洞

CNNVD-202309-1119

CVE-2023-36735

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735

4

Microsoft Visual Studio 安全漏洞

CNNVD-202309-804

CVE-2023-36758

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758

5

Microsoft Office 安全漏洞

CNNVD-202309-812

CVE-2023-36765

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765

6

Microsoft Visual Studio 安全漏洞

CNNVD-202208-2505

CVE-2022-35825

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825

7

Microsoft Windows Kerberos 安全漏洞

CNNVD-202211-2288

CVE-2022-37967

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967

8

Microsoft Dynamics 安全漏洞

CNNVD-202212-3159

CVE-2022-41127

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127

9

Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞

CNNVD-202306-853

CVE-2023-24936

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936

10

Microsoft Raw Image Extension 安全漏洞

CNNVD-202307-886

CVE-2023-32051

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32051

11

Microsoft Azure DevOps Server 安全漏洞

CNNVD-202309-795

CVE-2023-33136

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136

12

Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞

CNNVD-202309-796

CVE-2023-35355

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355

13

Microsoft Edge 安全漏洞

CNNVD-202309-1116

CVE-2023-36562

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562

14

Microsoft 3D Viewer 安全漏洞

CNNVD-202309-799

CVE-2023-36739

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739

15

Microsoft 3D Viewer 安全漏洞

CNNVD-202309-800

CVE-2023-36740

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740

16

Microsoft Visual Studio Code 安全漏洞

CNNVD-202309-798

CVE-2023-36742

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742

17

Microsoft Exchange Server 安全漏洞

CNNVD-202309-802

CVE-2023-36744

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744

18

Microsoft Exchange Server 安全漏洞

CNNVD-202309-801

CVE-2023-36745

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745

19

Microsoft Exchange Server 安全漏洞

CNNVD-202309-813

CVE-2023-36756

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756

20

Microsoft Exchange Server 安全漏洞

CNNVD-202309-803

CVE-2023-36757

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757

21

Microsoft 3D Viewer 安全漏洞

CNNVD-202309-808

CVE-2023-36760

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760

22

Microsoft Word 安全漏洞

CNNVD-202309-810

CVE-2023-36762

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762

23

Microsoft Outlook 安全漏洞

CNNVD-202309-811

CVE-2023-36763

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763

24

Microsoft SharePoint 安全漏洞

CNNVD-202309-807

CVE-2023-36764

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764

25

Microsoft 3D Builder 安全漏洞

CNNVD-202309-815

CVE-2023-36770

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770

26

Microsoft 3D Builder 安全漏洞

CNNVD-202309-817

CVE-2023-36771

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771

27

Microsoft 3D Builder 安全漏洞

CNNVD-202309-816

CVE-2023-36772

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772

28

Microsoft 3D Builder 安全漏洞

CNNVD-202309-818

CVE-2023-36773

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773

29

Microsoft .NET Framework 安全漏洞

CNNVD-202309-819

CVE-2023-36788

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788

30

Microsoft .NET和Microsoft Visual Studio 安全漏洞

CNNVD-202309-896

CVE-2023-36792

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792

31

Microsoft Visual Studio和Microsoft .NET 安全漏洞

CNNVD-202309-832

CVE-2023-36793

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793

32

Microsoft Visual Studio和Microsoft .NET 安全漏洞

CNNVD-202309-837

CVE-2023-36794

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794

33

Microsoft Visual Studio和Microsoft .NET 安全漏洞

CNNVD-202309-824

CVE-2023-36796

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796

34

Microsoft Streaming Service 安全漏洞

CNNVD-202309-835

CVE-2023-36802

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802

35

Microsoft Windows GDI 安全漏洞

CNNVD-202309-846

CVE-2023-36804

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804

36

Microsoft Windows Scripting 安全漏洞

CNNVD-202309-843

CVE-2023-36805

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805

37

Microsoft Reliability Analysis Metrics Calculation Engine 安全漏洞

CNNVD-202308-692

CVE-2023-36876

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876

38

Microsoft Tablet Windows User Interface 安全漏洞

CNNVD-202308-702

CVE-2023-36898

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898

39

Microsoft Windows Kernel 安全漏洞

CNNVD-202309-847

CVE-2023-38139

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139

40

Microsoft Windows Kernel 安全漏洞

CNNVD-202309-849

CVE-2023-38141

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141

41

Microsoft Windows Kernel 安全漏洞

CNNVD-202309-848

CVE-2023-38142

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38142

42

Microsoft Windows Common Log File System Driver 安全漏洞

CNNVD-202309-844

CVE-2023-38143

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143

43

Microsoft Windows Common Log File System Driver 安全漏洞

CNNVD-202309-841

CVE-2023-38144

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38144

44

Microsoft Windows Themes 安全漏洞

CNNVD-202309-836

CVE-2023-38146

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146

45

Microsoft Windows Codecs Library 安全漏洞

CNNVD-202309-833

CVE-2023-38147

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38147

46

Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞

CNNVD-202309-830

CVE-2023-38148

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38148

47

Microsoft Windows TCP/IP 资源管理错误漏洞

CNNVD-202309-826

CVE-2023-38149

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38149

48

Microsoft Windows Kernel 安全漏洞

CNNVD-202309-823

CVE-2023-38150

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38150

49

Microsoft Azure DevOps Server 安全漏洞

CNNVD-202309-865

CVE-2023-38155

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155

50

Microsoft Azure 安全漏洞

CNNVD-202309-825

CVE-2023-38156

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156

51

Microsoft Windows GDI 安全漏洞

CNNVD-202309-821

CVE-2023-38161

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38161

52

Microsoft Windows DHCP Server 资源管理错误漏洞

CNNVD-202309-822

CVE-2023-38162

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38162

53

Microsoft Windows Defender 安全漏洞

CNNVD-202309-872

CVE-2023-38163

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163

54

Microsoft Edge 跨站脚本漏洞

CNNVD-202306-182

CVE-2023-29345

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345

55

Microsoft Edge 安全漏洞

CNNVD-202309-1117

CVE-2023-36727

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727

56

Microsoft Identity Linux Broker 安全漏洞

CNNVD-202309-797

CVE-2023-36736

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736

57

Microsoft Visual Studio 安全漏洞

CNNVD-202309-805

CVE-2023-36759

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759

58

Microsoft Word 安全漏洞

CNNVD-202309-809

CVE-2023-36761

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761

59

Microsoft Excel 安全漏洞

CNNVD-202309-814

CVE-2023-36766

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36766

60

Microsoft Office 安全漏洞

CNNVD-202309-806

CVE-2023-36767

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36767

61

Microsoft Exchange Server 安全漏洞

CNNVD-202309-820

CVE-2023-36777

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777

62

Microsoft .NET Core和Microsoft Visual Studio 安全漏洞

CNNVD-202309-828

CVE-2023-36799

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799

63

Microsoft Dynamics Finance & Operations 跨站脚本漏洞

CNNVD-202309-829

CVE-2023-36800

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800

64

Microsoft Windows DHCP Server 安全漏洞

CNNVD-202309-838

CVE-2023-36801

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36801

65

Microsoft Windows Kernel 安全漏洞

CNNVD-202309-840

CVE-2023-36803

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803

66

Microsoft Dynamics 365 跨站脚本漏洞

CNNVD-202309-852

CVE-2023-36886

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886

67

Microsoft Windows Kernel 安全漏洞

CNNVD-202309-853

CVE-2023-38140

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140

68

Microsoft Windows DHCP Server 安全漏洞

CNNVD-202309-890

CVE-2023-38152

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38152

69

Microsoft Windows TCP/IP 安全漏洞

CNNVD-202309-868

CVE-2023-38160

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38160

70

Microsoft Dynamics 365 跨站脚本漏洞

CNNVD-202309-874

CVE-2023-38164

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164

71

Microsoft Office 安全漏洞

CNNVD-202309-875

CVE-2023-41764

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41764

此次更新共包括21个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞10个,中危漏洞11个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

厂商

官方链接

1

Autodesk FBX-SDK 资源管理错误漏洞

CNNVD-202210-946

CVE-2022-41303

高危

Autodesk

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022

2

libwebp 资源管理错误漏洞

CNNVD-202305-177

CVE-2023-1999

高危

WebP项目

https://github.com/webmproject/libwebp

3

Autodesk FBX-SDK 缓冲区错误漏洞

CNNVD-202304-1342

CVE-2023-27909

高危

Autodesk

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004

4

Autodesk FBX-SDK 缓冲区错误漏洞

CNNVD-202304-1347

CVE-2023-27911

高危

Autodesk

https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004

5

Apache HTTP/2 安全漏洞

CNNVD-202310-667

CVE-2023-44487

高危

Apache基金会

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

6

Google Chrome 缓冲区错误漏洞

CNNVD-202309-784

CVE-2023-4863

高危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

7

Google Chrome 资源管理错误漏洞

CNNVD-202309-2548

CVE-2023-5186

高危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

8

Google Chrome 资源管理错误漏洞

CNNVD-202309-2546

CVE-2023-5187

高危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

9

Google Chrome 缓冲区错误漏洞

CNNVD-202309-2505

CVE-2023-5217

高危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

10

Google Chrome 安全漏洞

CNNVD-202310-219

CVE-2023-5346

高危

Google

https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html

11

Electron 代码注入漏洞

CNNVD-202309-566

CVE-2023-39956

中危

个人开发者

https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5

12

Google Chrome 安全漏洞

CNNVD-202309-918

CVE-2023-4900

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

13

Google Chrome 安全漏洞

CNNVD-202309-920

CVE-2023-4901

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

14

Google Chrome 安全漏洞

CNNVD-202309-921

CVE-2023-4902

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

15

Google Chrome 安全漏洞

CNNVD-202309-923

CVE-2023-4903

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

16

Google Chrome 安全漏洞

CNNVD-202309-929

CVE-2023-4904

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

17

Google Chrome 安全漏洞

CNNVD-202309-928

CVE-2023-4905

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

18

Google Chrome 安全漏洞

CNNVD-202309-927

CVE-2023-4906

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

19

Google Chrome 安全漏洞

CNNVD-202309-925

CVE-2023-4907

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

20

Google Chrome 安全漏洞

CNNVD-202309-922

CVE-2023-4908

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

21

Google Chrome 安全漏洞

CNNVD-202309-924

CVE-2023-4909

中危

Google

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

三、修复建议

目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:

https://msrc.microsoft.com/update-guide/en-us

CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn

声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。