近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞92个,影响到微软产品的其他厂商漏洞1个。微软Microsoft Windows、Microsoft Active Directory Certificate Services、Microsoft Windows CSC Service、Microsoft Windows Telephony Server等多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍
2024年11月12日,微软发布了2024年11月份安全更新,共93个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Active Directory Certificate Services、Microsoft Windows CSC Service、Microsoft Windows Telephony Server、Microsoft Word、Microsoft TorchGeo等。CNNVD对其危害等级进行了评价,其中超危漏洞3个,高危漏洞76个,中危漏洞13个,低危漏洞1个。
微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共93个漏洞的补丁程序,包括89个新增漏洞的补丁程序、3个更新漏洞的补丁程序和1个影响微软产品的其他厂商漏洞的补丁程序。
此次更新共包括89个新增漏洞的补丁程序,其中超危漏洞3个,高危漏洞73个,中危漏洞13个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202411-1439 | CVE-2024-43498 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498 |
2 | Microsoft Azure CycleCloud 安全漏洞 | CNNVD-202411-1329 | CVE-2024-43602 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602 |
3 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202411-1455 | CVE-2024-43639 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639 |
4 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1434 | CVE-2024-38255 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255 |
5 | Microsoft SMBv3 资源管理错误漏洞 | CNNVD-202411-1457 | CVE-2024-43447 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447 |
6 | Microsoft Windows DNS 安全漏洞 | CNNVD-202411-1423 | CVE-2024-43450 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43450 |
7 | Microsoft Windows Registry 安全漏洞 | CNNVD-202411-1435 | CVE-2024-43452 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43452 |
8 | Microsoft SQL Server 资源管理错误漏洞 | CNNVD-202411-1436 | CVE-2024-43459 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459 |
9 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1438 | CVE-2024-43462 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462 |
10 | Microsoft Visual Studio和Microsoft .NET 安全漏洞 | CNNVD-202411-1325 | CVE-2024-43499 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499 |
11 | Microsoft Windows Update Stack 访问控制错误漏洞 | CNNVD-202411-1320 | CVE-2024-43530 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43530 |
12 | Microsoft LightGBM 安全漏洞 | CNNVD-202411-1441 | CVE-2024-43598 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43598 |
13 | Microsoft Azure Database for PostgreSQL 命令注入漏洞 | CNNVD-202411-1523 | CVE-2024-43613 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43613 |
14 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202411-1442 | CVE-2024-43620 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43620 |
15 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202411-1444 | CVE-2024-43621 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43621 |
16 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202411-1446 | CVE-2024-43622 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43622 |
17 | Microsoft Windows NT OS Kernel 安全漏洞 | CNNVD-202411-1335 | CVE-2024-43623 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43623 |
18 | Microsoft Hyper-V 安全漏洞 | CNNVD-202411-1447 | CVE-2024-43624 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43624 |
19 | Microsoft Windows VMSwitch 资源管理错误漏洞 | CNNVD-202411-1333 | CVE-2024-43625 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43625 |
20 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202411-1339 | CVE-2024-43626 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43626 |
21 | Microsoft Windows Telephony Server 安全漏洞 | CNNVD-202411-1345 | CVE-2024-43627 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43627 |
22 | Microsoft Windows Telephony Server 输入验证错误漏洞 | CNNVD-202411-1352 | CVE-2024-43628 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43628 |
23 | Microsoft DWM Core Library 安全漏洞 | CNNVD-202411-1456 | CVE-2024-43629 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43629 |
24 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202411-1360 | CVE-2024-43630 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43630 |
25 | Microsoft Windows Telephony Server 输入验证错误漏洞 | CNNVD-202411-1452 | CVE-2024-43635 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635 |
26 | Microsoft Win32k 安全漏洞 | CNNVD-202411-1482 | CVE-2024-43636 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43636 |
27 | Microsoft Windows Secure Kernel Mode 安全漏洞 | CNNVD-202411-1460 | CVE-2024-43640 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43640 |
28 | Microsoft Windows Registry 输入验证错误漏洞 | CNNVD-202411-1461 | CVE-2024-43641 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43641 |
29 | Microsoft Windows SMB Server 资源管理错误漏洞 | CNNVD-202411-1462 | CVE-2024-43642 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43642 |
30 | Microsoft Windows CSC Service 缓冲区错误漏洞 | CNNVD-202411-1396 | CVE-2024-43644 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43644 |
31 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1464 | CVE-2024-48993 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993 |
32 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1440 | CVE-2024-48994 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994 |
33 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1443 | CVE-2024-48995 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995 |
34 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1448 | CVE-2024-48996 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996 |
35 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1470 | CVE-2024-48997 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997 |
36 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1465 | CVE-2024-48998 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998 |
37 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1467 | CVE-2024-48999 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999 |
38 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1466 | CVE-2024-49000 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000 |
39 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1469 | CVE-2024-49001 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001 |
40 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1468 | CVE-2024-49002 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002 |
41 | Microsoft SQL Server 资源管理错误漏洞 | CNNVD-202411-1471 | CVE-2024-49003 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003 |
42 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1474 | CVE-2024-49004 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004 |
43 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1473 | CVE-2024-49005 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005 |
44 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1475 | CVE-2024-49006 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006 |
45 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1477 | CVE-2024-49007 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007 |
46 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1476 | CVE-2024-49008 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008 |
47 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1478 | CVE-2024-49009 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009 |
48 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1479 | CVE-2024-49010 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010 |
49 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1480 | CVE-2024-49011 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011 |
50 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1481 | CVE-2024-49012 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012 |
51 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1487 | CVE-2024-49013 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013 |
52 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1483 | CVE-2024-49014 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014 |
53 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1486 | CVE-2024-49015 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015 |
54 | Microsoft SQL Server 资源管理错误漏洞 | CNNVD-202411-1484 | CVE-2024-49016 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016 |
55 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1485 | CVE-2024-49017 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017 |
56 | Microsoft SQL Server 安全漏洞 | CNNVD-202411-1506 | CVE-2024-49018 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018 |
57 | Microsoft Active Directory Certificate Services 安全漏洞 | CNNVD-202411-1554 | CVE-2024-49019 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019 |
58 | Microsoft SQL Server 资源管理错误漏洞 | CNNVD-202411-1488 | CVE-2024-49021 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021 |
59 | Microsoft Excel 命令注入漏洞 | CNNVD-202411-1489 | CVE-2024-49026 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49026 |
60 | Microsoft Excel 安全漏洞 | CNNVD-202411-1492 | CVE-2024-49027 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49027 |
61 | Microsoft Excel 缓冲区错误漏洞 | CNNVD-202411-1490 | CVE-2024-49028 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49028 |
62 | Microsoft Excel 安全漏洞 | CNNVD-202411-1491 | CVE-2024-49029 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49029 |
63 | Microsoft Excel 安全漏洞 | CNNVD-202411-1493 | CVE-2024-49030 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49030 |
64 | Microsoft Graphics Component 安全漏洞 | CNNVD-202411-1494 | CVE-2024-49031 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49031 |
65 | Microsoft Graphics Component 资源管理错误漏洞 | CNNVD-202411-1495 | CVE-2024-49032 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49032 |
66 | Microsoft Word 输入验证错误漏洞 | CNNVD-202411-1496 | CVE-2024-49033 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49033 |
67 | Microsoft Windows Task Scheduler 授权问题漏洞 | CNNVD-202411-1497 | CVE-2024-49039 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039 |
68 | Microsoft Exchange Server 安全漏洞 | CNNVD-202411-1449 | CVE-2024-49040 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040 |
69 | Microsoft Azure Database for PostgreSQL 命令注入漏洞 | CNNVD-202411-1541 | CVE-2024-49042 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49042 |
70 | Microsoft SQL Server 代码问题漏洞 | CNNVD-202411-1451 | CVE-2024-49043 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043 |
71 | Microsoft Win32k 安全漏洞 | CNNVD-202411-1459 | CVE-2024-49046 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49046 |
72 | Microsoft TorchGeo 代码注入漏洞 | CNNVD-202411-1498 | CVE-2024-49048 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49048 |
73 | Microsoft Visual Studio Code 访问控制错误漏洞 | CNNVD-202411-1458 | CVE-2024-49049 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49049 |
74 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202411-1499 | CVE-2024-49050 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49050 |
75 | Microsoft PC Manager 后置链接漏洞 | CNNVD-202411-1500 | CVE-2024-49051 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49051 |
76 | Microsoft airlift.microsoft.com 安全漏洞 | CNNVD-202411-1463 | CVE-2024-49056 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49056 |
77 | Microsoft Windows Package Manager 安全漏洞 | CNNVD-202411-1432 | CVE-2024-38203 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203 |
78 | Microsoft Manage Virtual Hard Disks 安全漏洞 | CNNVD-202411-1437 | CVE-2024-38264 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38264 |
79 | Microsoft Windows USB Video Class driver 缓冲区错误漏洞 | CNNVD-202411-1416 | CVE-2024-43449 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43449 |
80 | Microsoft NTLM 安全漏洞 | CNNVD-202411-1430 | CVE-2024-43451 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 |
81 | Microsoft Windows Secure Kernel Mode 安全漏洞 | CNNVD-202411-1365 | CVE-2024-43631 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43631 |
82 | Microsoft Hyper-V 安全漏洞 | CNNVD-202411-1450 | CVE-2024-43633 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43633 |
83 | Microsoft Windows USB Video Class driver 缓冲区错误漏洞 | CNNVD-202411-1370 | CVE-2024-43634 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43634 |
84 | Microsoft Windows USB Video Class driver 缓冲区错误漏洞 | CNNVD-202411-1377 | CVE-2024-43637 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43637 |
85 | Microsoft Windows USB Video Class driver 缓冲区错误漏洞 | CNNVD-202411-1385 | CVE-2024-43638 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43638 |
86 | Microsoft Windows USB Video Class driver 安全漏洞 | CNNVD-202411-1391 | CVE-2024-43643 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43643 |
87 | Microsoft Windows Defender Application Control 安全漏洞 | CNNVD-202411-1402 | CVE-2024-43645 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43645 |
88 | Microsoft Windows Secure Kernel Mode 安全漏洞 | CNNVD-202411-1406 | CVE-2024-43646 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43646 |
89 | Microsoft Visual Studio 访问控制错误漏洞 | CNNVD-202411-1453 | CVE-2024-49044 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49044 |
此次更新共包括3个更新漏洞的补丁程序,其中高危漏洞3个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202410-816 | CVE-2024-43511 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43511 |
2 | Microsoft Windows Secure Kernel Mode 安全漏洞 | CNNVD-202410-810 | CVE-2024-43516 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43516 |
3 | Microsoft Windows Secure Kernel Mode 安全漏洞 | CNNVD-202410-799 | CVE-2024-43528 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43528 |
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中低危漏洞1个。
序号 | 漏洞 名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | OpenSSL 安全漏洞 | CNNVD-202406-2936 | CVE-2024-5535 | 低危 | OpenSSL | https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。
微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
