近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞174个,影响到微软产品的其他厂商漏洞21个。包括Microsoft Message Queuing 安全漏洞(CNNVD-202310-723、CVE-2023-35349)、Microsoft Windows IIS 安全漏洞(CNNVD-202310-801、CVE-2023-36434)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年10月10日,微软发布了2023年10月份安全更新,共195个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Client/Server Runtime Subsystem、Microsoft Windows HTML Platform、Microsoft Windows Error Reporting、Microsoft Windows Power Management Service、Microsoft Common Data Model SDK等。CNNVD对其危害等级进行了评价,其中超危漏洞7个,高危漏洞139个,中危漏洞48个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括103个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞81个,中危漏洞19个,低危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-723 | CVE-2023-35349 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349 |
2 | Microsoft Windows IIS 安全漏洞 | CNNVD-202310-801 | CVE-2023-36434 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434 |
3 | Microsoft Azure SDK 安全漏洞 | CNNVD-202310-788 | CVE-2023-36414 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414 |
4 | Microsoft Azure SDK 安全漏洞 | CNNVD-202310-791 | CVE-2023-36415 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415 |
5 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202310-795 | CVE-2023-36417 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 |
6 | Microsoft Azure Real Time Operating System 安全漏洞 | CNNVD-202310-796 | CVE-2023-36418 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36418 |
7 | Microsoft Azure 安全漏洞 | CNNVD-202310-794 | CVE-2023-36419 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36419 |
8 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202310-799 | CVE-2023-36420 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 |
9 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-802 | CVE-2023-36431 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431 |
10 | Microsoft QUIC 安全漏洞 | CNNVD-202310-806 | CVE-2023-36435 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435 |
11 | Microsoft Windows HTML Platform 安全漏洞 | CNNVD-202310-808 | CVE-2023-36436 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436 |
12 | Microsoft Windows TCP/IP 安全漏洞 | CNNVD-202310-805 | CVE-2023-36438 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438 |
13 | Microsoft Windows HTML Platform 安全漏洞 | CNNVD-202310-811 | CVE-2023-36557 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557 |
14 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202310-810 | CVE-2023-36561 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561 |
15 | Microsoft Office 安全漏洞 | CNNVD-202310-813 | CVE-2023-36565 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565 |
16 | Microsoft Windows Deployment Services 安全漏洞 | CNNVD-202310-819 | CVE-2023-36567 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567 |
17 | Microsoft Office 安全漏洞 | CNNVD-202310-818 | CVE-2023-36568 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568 |
18 | Microsoft Office 安全漏洞 | CNNVD-202310-821 | CVE-2023-36569 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569 |
19 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-822 | CVE-2023-36570 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570 |
20 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-820 | CVE-2023-36571 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571 |
21 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-816 | CVE-2023-36572 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572 |
22 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-814 | CVE-2023-36573 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573 |
23 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-809 | CVE-2023-36574 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574 |
24 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-807 | CVE-2023-36575 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575 |
25 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202310-800 | CVE-2023-36577 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577 |
26 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-797 | CVE-2023-36578 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578 |
27 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-792 | CVE-2023-36579 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579 |
28 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-789 | CVE-2023-36581 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581 |
29 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-786 | CVE-2023-36582 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582 |
30 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-785 | CVE-2023-36583 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583 |
31 | Microsoft Windows Active Directory 安全漏洞 | CNNVD-202310-782 | CVE-2023-36585 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585 |
32 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-781 | CVE-2023-36589 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589 |
33 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-784 | CVE-2023-36590 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590 |
34 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-780 | CVE-2023-36591 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591 |
35 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-779 | CVE-2023-36592 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592 |
36 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-778 | CVE-2023-36593 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593 |
37 | Microsoft Graphics Component 安全漏洞 | CNNVD-202310-793 | CVE-2023-36594 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594 |
38 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202310-774 | CVE-2023-36598 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598 |
39 | Microsoft Windows TCP/IP 安全漏洞 | CNNVD-202310-776 | CVE-2023-36602 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602 |
40 | Microsoft Windows TCP/IP 安全漏洞 | CNNVD-202310-772 | CVE-2023-36603 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603 |
41 | Microsoft Windows Named Pipe File System 安全漏洞 | CNNVD-202310-771 | CVE-2023-36605 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605 |
42 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-773 | CVE-2023-36606 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606 |
43 | Microsoft Windows Resilient File System (ReFS) 安全漏洞 | CNNVD-202310-767 | CVE-2023-36701 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701 |
44 | Microsoft Windows DirectMusic 安全漏洞 | CNNVD-202310-777 | CVE-2023-36702 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702 |
45 | Microsoft Windows DHCP Server 安全漏洞 | CNNVD-202310-768 | CVE-2023-36703 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703 |
46 | Microsoft Windows Setup Files Cleanup 安全漏洞 | CNNVD-202310-766 | CVE-2023-36704 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704 |
47 | Microsoft Windows AllJoyn API 安全漏洞 | CNNVD-202310-763 | CVE-2023-36709 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709 |
48 | Microsoft Windows Media Foundation 安全漏洞 | CNNVD-202310-762 | CVE-2023-36710 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710 |
49 | Microsoft Windows Runtime C++ Template Library 安全漏洞 | CNNVD-202310-761 | CVE-2023-36711 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711 |
50 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202310-760 | CVE-2023-36712 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712 |
51 | Microsoft Windows Virtual Trusted Platform Module 安全漏洞 | CNNVD-202310-756 | CVE-2023-36718 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718 |
52 | Microsoft Windows Mixed Reality Developer Tools 安全漏洞 | CNNVD-202310-755 | CVE-2023-36720 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720 |
53 | Microsoft Windows Error Reporting 安全漏洞 | CNNVD-202310-754 | CVE-2023-36721 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721 |
54 | Microsoft Windows Container Manager Service 安全漏洞 | CNNVD-202310-751 | CVE-2023-36723 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723 |
55 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202310-750 | CVE-2023-36725 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725 |
56 | Microsoft Windows IKE Extension 安全漏洞 | CNNVD-202310-747 | CVE-2023-36726 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726 |
57 | Microsoft Windows Named Pipe File System 安全漏洞 | CNNVD-202310-744 | CVE-2023-36729 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729 |
58 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202310-742 | CVE-2023-36730 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 |
59 | Microsoft Win32K 安全漏洞 | CNNVD-202310-740 | CVE-2023-36731 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731 |
60 | Microsoft Win32K 安全漏洞 | CNNVD-202310-738 | CVE-2023-36732 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732 |
61 | Microsoft Azure 安全漏洞 | CNNVD-202310-725 | CVE-2023-36737 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737 |
62 | Microsoft Win32K 安全漏洞 | CNNVD-202310-757 | CVE-2023-36743 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743 |
63 | Microsoft Win32K 安全漏洞 | CNNVD-202310-749 | CVE-2023-36776 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776 |
64 | Microsoft Exchange Server 安全漏洞 | CNNVD-202310-748 | CVE-2023-36778 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778 |
65 | Microsoft Skype for Business Server 安全漏洞 | CNNVD-202310-745 | CVE-2023-36780 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780 |
66 | Microsoft ODBC Driver 安全漏洞 | CNNVD-202310-743 | CVE-2023-36785 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 |
67 | Microsoft Skype for Business 安全漏洞 | CNNVD-202310-741 | CVE-2023-36786 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786 |
68 | Microsoft Skype for Business 安全漏洞 | CNNVD-202310-739 | CVE-2023-36789 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789 |
69 | Microsoft Windows RDP 安全漏洞 | CNNVD-202310-737 | CVE-2023-36790 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790 |
70 | Microsoft Windows Client/Server Runtime Subsystem 安全漏洞 | CNNVD-202310-724 | CVE-2023-36902 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902 |
71 | Microsoft Graphics Component 安全漏洞 | CNNVD-202310-736 | CVE-2023-38159 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159 |
72 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-735 | CVE-2023-38166 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166 |
73 | Microsoft QUIC 安全漏洞 | CNNVD-202310-726 | CVE-2023-38171 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 |
74 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-729 | CVE-2023-41765 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765 |
75 | Microsoft Client Server Run-time Subsystem 安全漏洞 | CNNVD-202310-733 | CVE-2023-41766 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766 |
76 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-734 | CVE-2023-41767 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767 |
77 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-732 | CVE-2023-41768 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768 |
78 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-731 | CVE-2023-41769 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769 |
79 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-727 | CVE-2023-41770 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770 |
80 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-721 | CVE-2023-41771 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771 |
81 | Microsoft Win32K 安全漏洞 | CNNVD-202310-722 | CVE-2023-41772 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772 |
82 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-720 | CVE-2023-41773 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773 |
83 | Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 | CNNVD-202310-719 | CVE-2023-41774 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774 |
84 | Microsoft Windows Remote Desktop Protocol 安全漏洞 | CNNVD-202310-787 | CVE-2023-29348 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348 |
85 | Microsoft Dynamics 365 安全漏洞 | CNNVD-202310-790 | CVE-2023-36416 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416 |
86 | Microsoft Dynamics 365 安全漏洞 | CNNVD-202310-798 | CVE-2023-36429 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429 |
87 | Microsoft Dynamics 365 安全漏洞 | CNNVD-202310-803 | CVE-2023-36433 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433 |
88 | Microsoft WordPad 安全漏洞 | CNNVD-202310-812 | CVE-2023-36563 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563 |
89 | Microsoft Windows Search Component 安全漏洞 | CNNVD-202310-815 | CVE-2023-36564 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564 |
90 | Microsoft Common Data Model SDK 安全漏洞 | CNNVD-202310-817 | CVE-2023-36566 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566 |
91 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202310-804 | CVE-2023-36576 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576 |
92 | Microsoft Windows 安全漏洞 | CNNVD-202310-783 | CVE-2023-36584 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 |
93 | Microsoft Windows Remote Procedure Call 安全漏洞 | CNNVD-202310-775 | CVE-2023-36596 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596 |
94 | Microsoft Message Queuing 安全漏洞 | CNNVD-202310-770 | CVE-2023-36697 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697 |
95 | Microsoft Windows Deployment Services 安全漏洞 | CNNVD-202310-765 | CVE-2023-36706 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706 |
96 | Microsoft Windows Deployment Services 安全漏洞 | CNNVD-202310-764 | CVE-2023-36707 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707 |
97 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202310-759 | CVE-2023-36713 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713 |
98 | Microsoft Windows TPM 安全漏洞 | CNNVD-202310-758 | CVE-2023-36717 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717 |
99 | Microsoft Active Directory Domain Services 安全漏洞 | CNNVD-202310-752 | CVE-2023-36722 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722 |
100 | Microsoft Windows Power Management Service 安全漏洞 | CNNVD-202310-753 | CVE-2023-36724 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724 |
101 | Microsoft SQL Server 安全漏洞 | CNNVD-202310-746 | CVE-2023-36728 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 |
102 | Microsoft Skype for Business 安全漏洞 | CNNVD-202310-728 | CVE-2023-41763 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763 |
103 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202310-769 | CVE-2023-36698 | 低危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698 |
此次更新共包括71个更新漏洞的补丁程序,其中超危漏洞5个,高危漏洞48个,中危漏洞18个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Exchange Server 安全漏洞 | CNNVD-202308-737 | CVE-2023-21709 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 |
2 | Microsoft Azure Kubernetes 输入验证错误漏洞 | CNNVD-202309-793 | CVE-2023-29332 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332 |
3 | Microsoft Edge 安全漏洞 | CNNVD-202309-1119 | CVE-2023-36735 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 |
4 | Microsoft Visual Studio 安全漏洞 | CNNVD-202309-804 | CVE-2023-36758 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758 |
5 | Microsoft Office 安全漏洞 | CNNVD-202309-812 | CVE-2023-36765 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765 |
6 | Microsoft Visual Studio 安全漏洞 | CNNVD-202208-2505 | CVE-2022-35825 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825 |
7 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202211-2288 | CVE-2022-37967 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
8 | Microsoft Dynamics 安全漏洞 | CNNVD-202212-3159 | CVE-2022-41127 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127 |
9 | Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞 | CNNVD-202306-853 | CVE-2023-24936 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 |
10 | Microsoft Raw Image Extension 安全漏洞 | CNNVD-202307-886 | CVE-2023-32051 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32051 |
11 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202309-795 | CVE-2023-33136 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136 |
12 | Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 | CNNVD-202309-796 | CVE-2023-35355 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355 |
13 | Microsoft Edge 安全漏洞 | CNNVD-202309-1116 | CVE-2023-36562 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 |
14 | Microsoft 3D Viewer 安全漏洞 | CNNVD-202309-799 | CVE-2023-36739 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739 |
15 | Microsoft 3D Viewer 安全漏洞 | CNNVD-202309-800 | CVE-2023-36740 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740 |
16 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202309-798 | CVE-2023-36742 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742 |
17 | Microsoft Exchange Server 安全漏洞 | CNNVD-202309-802 | CVE-2023-36744 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744 |
18 | Microsoft Exchange Server 安全漏洞 | CNNVD-202309-801 | CVE-2023-36745 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745 |
19 | Microsoft Exchange Server 安全漏洞 | CNNVD-202309-813 | CVE-2023-36756 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756 |
20 | Microsoft Exchange Server 安全漏洞 | CNNVD-202309-803 | CVE-2023-36757 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757 |
21 | Microsoft 3D Viewer 安全漏洞 | CNNVD-202309-808 | CVE-2023-36760 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760 |
22 | Microsoft Word 安全漏洞 | CNNVD-202309-810 | CVE-2023-36762 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762 |
23 | Microsoft Outlook 安全漏洞 | CNNVD-202309-811 | CVE-2023-36763 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763 |
24 | Microsoft SharePoint 安全漏洞 | CNNVD-202309-807 | CVE-2023-36764 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764 |
25 | Microsoft 3D Builder 安全漏洞 | CNNVD-202309-815 | CVE-2023-36770 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770 |
26 | Microsoft 3D Builder 安全漏洞 | CNNVD-202309-817 | CVE-2023-36771 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771 |
27 | Microsoft 3D Builder 安全漏洞 | CNNVD-202309-816 | CVE-2023-36772 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772 |
28 | Microsoft 3D Builder 安全漏洞 | CNNVD-202309-818 | CVE-2023-36773 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773 |
29 | Microsoft .NET Framework 安全漏洞 | CNNVD-202309-819 | CVE-2023-36788 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788 |
30 | Microsoft .NET和Microsoft Visual Studio 安全漏洞 | CNNVD-202309-896 | CVE-2023-36792 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 |
31 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202309-832 | CVE-2023-36793 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 |
32 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202309-837 | CVE-2023-36794 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 |
33 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202309-824 | CVE-2023-36796 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 |
34 | Microsoft Streaming Service 安全漏洞 | CNNVD-202309-835 | CVE-2023-36802 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802 |
35 | Microsoft Windows GDI 安全漏洞 | CNNVD-202309-846 | CVE-2023-36804 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804 |
36 | Microsoft Windows Scripting 安全漏洞 | CNNVD-202309-843 | CVE-2023-36805 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805 |
37 | Microsoft Reliability Analysis Metrics Calculation Engine 安全漏洞 | CNNVD-202308-692 | CVE-2023-36876 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876 |
38 | Microsoft Tablet Windows User Interface 安全漏洞 | CNNVD-202308-702 | CVE-2023-36898 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898 |
39 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202309-847 | CVE-2023-38139 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139 |
40 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202309-849 | CVE-2023-38141 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141 |
41 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202309-848 | CVE-2023-38142 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38142 |
42 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202309-844 | CVE-2023-38143 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143 |
43 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202309-841 | CVE-2023-38144 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38144 |
44 | Microsoft Windows Themes 安全漏洞 | CNNVD-202309-836 | CVE-2023-38146 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146 |
45 | Microsoft Windows Codecs Library 安全漏洞 | CNNVD-202309-833 | CVE-2023-38147 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38147 |
46 | Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞 | CNNVD-202309-830 | CVE-2023-38148 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38148 |
47 | Microsoft Windows TCP/IP 资源管理错误漏洞 | CNNVD-202309-826 | CVE-2023-38149 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38149 |
48 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202309-823 | CVE-2023-38150 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38150 |
49 | Microsoft Azure DevOps Server 安全漏洞 | CNNVD-202309-865 | CVE-2023-38155 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 |
50 | Microsoft Azure 安全漏洞 | CNNVD-202309-825 | CVE-2023-38156 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156 |
51 | Microsoft Windows GDI 安全漏洞 | CNNVD-202309-821 | CVE-2023-38161 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38161 |
52 | Microsoft Windows DHCP Server 资源管理错误漏洞 | CNNVD-202309-822 | CVE-2023-38162 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38162 |
53 | Microsoft Windows Defender 安全漏洞 | CNNVD-202309-872 | CVE-2023-38163 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163 |
54 | Microsoft Edge 跨站脚本漏洞 | CNNVD-202306-182 | CVE-2023-29345 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345 |
55 | Microsoft Edge 安全漏洞 | CNNVD-202309-1117 | CVE-2023-36727 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 |
56 | Microsoft Identity Linux Broker 安全漏洞 | CNNVD-202309-797 | CVE-2023-36736 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736 |
57 | Microsoft Visual Studio 安全漏洞 | CNNVD-202309-805 | CVE-2023-36759 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759 |
58 | Microsoft Word 安全漏洞 | CNNVD-202309-809 | CVE-2023-36761 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761 |
59 | Microsoft Excel 安全漏洞 | CNNVD-202309-814 | CVE-2023-36766 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36766 |
60 | Microsoft Office 安全漏洞 | CNNVD-202309-806 | CVE-2023-36767 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36767 |
61 | Microsoft Exchange Server 安全漏洞 | CNNVD-202309-820 | CVE-2023-36777 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777 |
62 | Microsoft .NET Core和Microsoft Visual Studio 安全漏洞 | CNNVD-202309-828 | CVE-2023-36799 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799 |
63 | Microsoft Dynamics Finance & Operations 跨站脚本漏洞 | CNNVD-202309-829 | CVE-2023-36800 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800 |
64 | Microsoft Windows DHCP Server 安全漏洞 | CNNVD-202309-838 | CVE-2023-36801 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36801 |
65 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202309-840 | CVE-2023-36803 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803 |
66 | Microsoft Dynamics 365 跨站脚本漏洞 | CNNVD-202309-852 | CVE-2023-36886 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886 |
67 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202309-853 | CVE-2023-38140 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140 |
68 | Microsoft Windows DHCP Server 安全漏洞 | CNNVD-202309-890 | CVE-2023-38152 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38152 |
69 | Microsoft Windows TCP/IP 安全漏洞 | CNNVD-202309-868 | CVE-2023-38160 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38160 |
70 | Microsoft Dynamics 365 跨站脚本漏洞 | CNNVD-202309-874 | CVE-2023-38164 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164 |
71 | Microsoft Office 安全漏洞 | CNNVD-202309-875 | CVE-2023-41764 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41764 |
此次更新共包括21个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞10个,中危漏洞11个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Autodesk FBX-SDK 资源管理错误漏洞 | CNNVD-202210-946 | CVE-2022-41303 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 |
2 | libwebp 资源管理错误漏洞 | CNNVD-202305-177 | CVE-2023-1999 | 高危 | WebP项目 | https://github.com/webmproject/libwebp |
3 | Autodesk FBX-SDK 缓冲区错误漏洞 | CNNVD-202304-1342 | CVE-2023-27909 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
4 | Autodesk FBX-SDK 缓冲区错误漏洞 | CNNVD-202304-1347 | CVE-2023-27911 | 高危 | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
5 | Apache HTTP/2 安全漏洞 | CNNVD-202310-667 | CVE-2023-44487 | 高危 | Apache基金会 | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
6 | Google Chrome 缓冲区错误漏洞 | CNNVD-202309-784 | CVE-2023-4863 | 高危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html | |
7 | Google Chrome 资源管理错误漏洞 | CNNVD-202309-2548 | CVE-2023-5186 | 高危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html | |
8 | Google Chrome 资源管理错误漏洞 | CNNVD-202309-2546 | CVE-2023-5187 | 高危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html | |
9 | Google Chrome 缓冲区错误漏洞 | CNNVD-202309-2505 | CVE-2023-5217 | 高危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html | |
10 | Google Chrome 安全漏洞 | CNNVD-202310-219 | CVE-2023-5346 | 高危 | https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html | |
11 | Electron 代码注入漏洞 | CNNVD-202309-566 | CVE-2023-39956 | 中危 | 个人开发者 | https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5 |
12 | Google Chrome 安全漏洞 | CNNVD-202309-918 | CVE-2023-4900 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
13 | Google Chrome 安全漏洞 | CNNVD-202309-920 | CVE-2023-4901 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
14 | Google Chrome 安全漏洞 | CNNVD-202309-921 | CVE-2023-4902 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
15 | Google Chrome 安全漏洞 | CNNVD-202309-923 | CVE-2023-4903 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
16 | Google Chrome 安全漏洞 | CNNVD-202309-929 | CVE-2023-4904 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
17 | Google Chrome 安全漏洞 | CNNVD-202309-928 | CVE-2023-4905 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
18 | Google Chrome 安全漏洞 | CNNVD-202309-927 | CVE-2023-4906 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
19 | Google Chrome 安全漏洞 | CNNVD-202309-925 | CVE-2023-4907 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
20 | Google Chrome 安全漏洞 | CNNVD-202309-922 | CVE-2023-4908 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html | |
21 | Google Chrome 安全漏洞 | CNNVD-202309-924 | CVE-2023-4909 | 中危 | https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。