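Recently, Microsoft published advisories for multiple security vulnerabilities: 66 in Microsoft's own products and 2 from other vendors that affect Microsoft products. They include the Microsoft Visual Studio security vulnerability (CNNVD-202405-1901, CVE-2024-32002) and the Microsoft Windows Task Scheduler link following vulnerability (CNNVD-202405-1984, CVE-2024-26238), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.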

I. Vulnerability Overview

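On May 14, 2024, Microsoft released its May 2024 security update, with patches for 68 vulnerabilities in total; CNNVD has catalogued these vulnerabilities. The update mainly covers Microsoft Windows and Windows components, Microsoft SharePoint, Microsoft Visual Studio, .NET and Visual Studio, Microsoft Windows Remote Access Connection Manager, Microsoft Win32k, and others. CNNVD rated their severity: 1 critical, 35 high, and 32 medium. Multiple versions of Microsoft products and systems are affected; the specific scope can be checked on Microsoft's official website: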

https://portal.msrc.microsoft.com/zh-cn/security-guidance

II. Vulnerability Details

This update includes patches for 61 newly added vulnerabilities: 1 critical, 34 high, and 26 medium.

| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
|---|---|---|---|---|---|
| 1 | Microsoft Visual Studio Security Vulnerability | CNNVD-202405-1901 | CVE-2024-32002 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32002 |
| 2 | Microsoft Windows Task Scheduler Link Following Vulnerability | CNNVD-202405-1984 | CVE-2024-26238 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26238 |
| 3 | Microsoft Windows SCSI Class System File Buffer Error Vulnerability | CNNVD-202405-1981 | CVE-2024-29994 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29994 |
| 4 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202405-1980 | CVE-2024-29996 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29996 |
| 5 | Microsoft OLE DB Provider for SQL Server Resource Management Error Vulnerability | CNNVD-202405-1970 | CVE-2024-30006 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006 |
| 6 | Microsoft Brokering File System Security Vulnerability | CNNVD-202405-1969 | CVE-2024-30007 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30007 |
| 7 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1967 | CVE-2024-30009 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009 |
| 8 | Microsoft Windows Hyper-V Security Vulnerability | CNNVD-202405-1966 | CVE-2024-30010 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30010 |
| 9 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1963 | CVE-2024-30014 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30014 |
| 10 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1962 | CVE-2024-30015 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30015 |
| 11 | Microsoft Windows Hyper-V Security Vulnerability | CNNVD-202405-1961 | CVE-2024-30017 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30017 |
| 12 | Microsoft Windows Kernel Link Following Vulnerability | CNNVD-202405-1958 | CVE-2024-30018 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30018 |
| 13 | Microsoft Windows Cryptographic Services Security Vulnerability | CNNVD-202405-1959 | CVE-2024-30020 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30020 |
| 14 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1955 | CVE-2024-30022 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30022 |
| 15 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1954 | CVE-2024-30023 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30023 |
| 16 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1953 | CVE-2024-30024 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024 |
| 17 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202405-1951 | CVE-2024-30025 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30025 |
| 18 | Microsoft Windows NTFS Resource Management Error Vulnerability | CNNVD-202405-1952 | CVE-2024-30027 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30027 |
| 19 | Microsoft Win32k Resource Management Error Vulnerability | CNNVD-202405-1950 | CVE-2024-30028 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30028 |
| 20 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1949 | CVE-2024-30029 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029 |
| 21 | Microsoft Win32k Code Issue Vulnerability | CNNVD-202405-1948 | CVE-2024-30030 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30030 |
| 22 | Microsoft Windows CNG Key Isolation Service Resource Management Error Vulnerability | CNNVD-202405-1947 | CVE-2024-30031 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30031 |
| 23 | Microsoft Windows DWM Core Library Resource Management Error Vulnerability | CNNVD-202405-1946 | CVE-2024-30032 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30032 |
| 24 | Microsoft Windows Search Component Link Following Vulnerability | CNNVD-202405-1945 | CVE-2024-30033 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 |
| 25 | Microsoft Windows DWM Core Library Resource Management Error Vulnerability | CNNVD-202405-1942 | CVE-2024-30035 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30035 |
| 26 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202405-1940 | CVE-2024-30037 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037 |
| 27 | Microsoft Win32K Security Vulnerability | CNNVD-202405-1941 | CVE-2024-30038 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30038 |
| 28 | Microsoft Windows MSHTML Platform Input Validation Error Vulnerability | CNNVD-202405-1938 | CVE-2024-30040 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040 |
| 29 | Microsoft Excel Code Issue Vulnerability | CNNVD-202405-1936 | CVE-2024-30042 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30042 |
| 30 | Microsoft SharePoint Code Issue Vulnerability | CNNVD-202405-1933 | CVE-2024-30044 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 |
| 31 | Microsoft Dynamics 365 Customer Insights Cross-Site Scripting Vulnerability | CNNVD-202405-1930 | CVE-2024-30047 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30047 |
| 32 | Microsoft Dynamics 365 Customer Insights Cross-Site Scripting Vulnerability | CNNVD-202405-1929 | CVE-2024-30048 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30048 |
| 33 | Microsoft Win32K Resource Management Error Vulnerability | CNNVD-202405-1928 | CVE-2024-30049 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049 |
| 34 | Microsoft Windows DWM Core Library Security Vulnerability | CNNVD-202405-2412 | CVE-2024-30051 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051 |
| 35 | Microsoft Visual Studio Security Vulnerability | CNNVD-202405-1905 | CVE-2024-32004 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32004 |
| 36 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1979 | CVE-2024-29997 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29997 |
| 37 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1978 | CVE-2024-29998 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998 |
| 38 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1977 | CVE-2024-29999 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29999 |
| 39 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1976 | CVE-2024-30000 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000 |
| 40 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1975 | CVE-2024-30001 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30001 |
| 41 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1974 | CVE-2024-30002 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30002 |
| 42 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1973 | CVE-2024-30003 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30003 |
| 43 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1972 | CVE-2024-30004 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30004 |
| 44 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1971 | CVE-2024-30005 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30005 |
| 45 | Microsoft Windows DWM Core Library Numeric Error Vulnerability | CNNVD-202405-1968 | CVE-2024-30008 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008 |
| 46 | Microsoft Windows Hyper-V Numeric Error Vulnerability | CNNVD-202405-1965 | CVE-2024-30011 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30011 |
| 47 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1964 | CVE-2024-30012 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30012 |
| 48 | Microsoft Windows Cryptographic Services Buffer Error Vulnerability | CNNVD-202405-1960 | CVE-2024-30016 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30016 |
| 49 | Microsoft Windows Resource Management Error Vulnerability | CNNVD-202405-1957 | CVE-2024-30019 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30019 |
| 50 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1956 | CVE-2024-30021 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30021 |
| 51 | Microsoft Windows Cloud Files Mini Filter Driver Security Vulnerability | CNNVD-202405-1944 | CVE-2024-30034 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034 |
| 52 | Microsoft Windows Deployment Services Security Vulnerability | CNNVD-202405-1943 | CVE-2024-30036 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30036 |
| 53 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202405-1939 | CVE-2024-30039 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039 |
| 54 | Microsoft Bing Security Vulnerability | CNNVD-202405-1937 | CVE-2024-30041 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30041 |
| 55 | Microsoft SharePoint Code Issue Vulnerability | CNNVD-202405-1934 | CVE-2024-30043 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043 |
| 56 | .NET and Visual Studio Security Vulnerability | CNNVD-202405-1932 | CVE-2024-30045 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045 |
| 57 | Microsoft Visual Studio Race Condition Vulnerability | CNNVD-202405-1931 | CVE-2024-30046 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 |
| 58 | Microsoft Windows Security Vulnerability | CNNVD-202405-1926 | CVE-2024-30050 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30050 |
| 59 | Microsoft Azure Migrate Cross-Site Scripting Vulnerability | CNNVD-202405-2297 | CVE-2024-30053 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30053 |
| 60 | Microsoft Power BI Input Validation Error Vulnerability | CNNVD-202405-2120 | CVE-2024-30054 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30054 |
| 61 | Microsoft Intune Access Control Error Vulnerability | CNNVD-202405-1935 | CVE-2024-30059 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30059 |

This update includes patches for 5 updated vulnerabilities: 1 high and 4 medium.

| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
|---|---|---|---|---|---|
| 1 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1180 | CVE-2024-26211 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211 |
| 2 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1184 | CVE-2024-26207 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26207 |
| 3 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1179 | CVE-2024-26217 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26217 |
| 4 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1135 | CVE-2024-28900 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28900 |
| 5 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1133 | CVE-2024-28902 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28902 |

This update includes patches for 2 vulnerabilities from other vendors that affect Microsoft products, both rated medium.

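| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Vendor | Official Link |
|---|---|---|---|---|---|---|
| 1 | Lenovo PC Security Vulnerability | CNNVD-202404-1383 | CVE-2024-23593 | Medium | Lenovo | https://support.lenovo.com/us/en/product_security/LEN-132277 |
| 2 | Google Chrome Security Vulnerability | CNNVD-202405-1870 | CVE-2024-4761 | Medium | Google | https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html |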

III. Remediation Recommendations

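Microsoft has released patches that fix the vulnerabilities above. Users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible. Microsoft's official patch download address: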

https://msrc.microsoft.com/update-guide/en-us

CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn

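Statement: This article comes from CNNVD Security News (CNNVD安全动态); copyright belongs to the author. The content represents only the author's independent views and not the position of 安全内参; it is reposted to convey more information. In case of infringement, please contact anquanneican@163.com.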