近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞75个,影响到微软产品的其他厂商漏洞1个。微软Microsoft Windows、Microsoft Windows Kernel Mode Drivers、Microsoft DNS Server、Microsoft Windows IP Routing Management Snapin等多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍
2024年12月10日,微软发布了2024年12月份安全更新,共76个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Kernel Mode Drivers、Microsoft DNS Server、Microsoft Windows IP Routing Management Snapin、Microsoft Windows Routing and Remote Access Service、Microsoft Windows Resilient File System等。CNNVD对其危害等级进行了评价,其中超危漏洞1个,高危漏洞35个,中危漏洞40个。
微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共76个漏洞的补丁程序,包括71个新增漏洞的补丁程序、4个更新漏洞的补丁程序和1个影响微软产品的其他厂商漏洞的补丁程序。
此次更新共包括71个新增漏洞的补丁程序,其中超危漏洞1个,高危漏洞30个,中危漏洞40个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Lightweight Directory Access Protocol 安全漏洞 | CNNVD-202412-1333 | CVE-2024-49112 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 |
2 | Microsoft Office 安全漏洞 | CNNVD-202412-1271 | CVE-2024-43600 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43600 |
3 | Microsoft Windows Task Scheduler 安全漏洞 | CNNVD-202412-1284 | CVE-2024-49072 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49072 |
4 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1288 | CVE-2024-49075 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075 |
5 | Microsoft Input Method Editor 安全漏洞 | CNNVD-202412-1301 | CVE-2024-49079 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079 |
6 | Microsoft Windows IP Routing Management Snapin 安全漏洞 | CNNVD-202412-1306 | CVE-2024-49080 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080 |
7 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202412-1158 | CVE-2024-49084 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084 |
8 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202412-1315 | CVE-2024-49088 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088 |
9 | Microsoft Windows PrintWorkflowUserSvc 安全漏洞 | CNNVD-202412-1323 | CVE-2024-49095 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49095 |
10 | Microsoft Message Queuing 安全漏洞 | CNNVD-202412-1189 | CVE-2024-49096 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49096 |
11 | Microsoft Windows PrintWorkflowUserSvc 安全漏洞 | CNNVD-202412-1192 | CVE-2024-49097 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49097 |
12 | Microsoft Windows Routing and Remote Access Service 安全漏洞 | CNNVD-202412-1207 | CVE-2024-49102 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102 |
13 | Microsoft Remote Desktop Client 安全漏洞 | CNNVD-202412-1362 | CVE-2024-49105 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105 |
14 | Microsoft WmsRepair Service 安全漏洞 | CNNVD-202412-1220 | CVE-2024-49107 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49107 |
15 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1223 | CVE-2024-49108 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108 |
16 | Microsoft Lightweight Directory Access Protocol 安全漏洞 | CNNVD-202412-1336 | CVE-2024-49113 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 |
17 | Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 | CNNVD-202412-1340 | CVE-2024-49114 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114 |
18 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1342 | CVE-2024-49116 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116 |
19 | Microsoft Message Queuing 安全漏洞 | CNNVD-202412-1345 | CVE-2024-49118 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49118 |
20 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1236 | CVE-2024-49119 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49119 |
21 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1238 | CVE-2024-49120 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49120 |
22 | Microsoft Lightweight Directory Access Protocol 安全漏洞 | CNNVD-202412-1241 | CVE-2024-49121 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121 |
23 | Microsoft Message Queuing 安全漏洞 | CNNVD-202412-1246 | CVE-2024-49122 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49122 |
24 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1244 | CVE-2024-49123 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49123 |
25 | Microsoft Lightweight Directory Access Protocol 安全漏洞 | CNNVD-202412-1250 | CVE-2024-49124 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49124 |
26 | Microsoft Windows Routing and Remote Access Service 安全漏洞 | CNNVD-202412-1252 | CVE-2024-49125 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49125 |
27 | Microsoft Lightweight Directory Access Protocol 安全漏洞 | CNNVD-202412-1349 | CVE-2024-49127 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127 |
28 | Microsoft Windows Remote Desktop Gateway 安全漏洞 | CNNVD-202412-1260 | CVE-2024-49129 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49129 |
29 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1261 | CVE-2024-49132 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49132 |
30 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202412-1357 | CVE-2024-49138 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 |
31 | Microsoft Office 安全漏洞 | CNNVD-202412-1266 | CVE-2024-49142 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49142 |
32 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1294 | CVE-2024-49077 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49077 |
33 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1307 | CVE-2024-49081 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49081 |
34 | Microsoft Windows File Explorer 安全漏洞 | CNNVD-202412-1310 | CVE-2024-49082 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082 |
35 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1317 | CVE-2024-49083 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49083 |
36 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1200 | CVE-2024-49099 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49099 |
37 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1203 | CVE-2024-49101 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49101 |
38 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1327 | CVE-2024-49109 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109 |
39 | Microsoft System Center Operations Manager 安全漏洞 | CNNVD-202412-1187 | CVE-2024-43594 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594 |
40 | Microsoft Defender 安全漏洞 | CNNVD-202412-1131 | CVE-2024-49057 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49057 |
41 | Microsoft Office 安全漏洞 | CNNVD-202412-1133 | CVE-2024-49059 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059 |
42 | Microsoft Office Sharepoint Server 安全漏洞 | CNNVD-202412-1276 | CVE-2024-49062 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062 |
43 | Microsoft Muzic 安全漏洞 | CNNVD-202412-1278 | CVE-2024-49063 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49063 |
44 | Microsoft SharePoint 安全漏洞 | CNNVD-202412-1138 | CVE-2024-49064 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064 |
45 | Microsoft Office 安全漏洞 | CNNVD-202412-1280 | CVE-2024-49065 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065 |
46 | Microsoft SharePoint 安全漏洞 | CNNVD-202412-1140 | CVE-2024-49068 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068 |
47 | Microsoft Excel 安全漏洞 | CNNVD-202412-1145 | CVE-2024-49069 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 |
48 | Microsoft SharePoint 安全漏洞 | CNNVD-202412-1147 | CVE-2024-49070 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070 |
49 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1152 | CVE-2024-49073 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49073 |
50 | Microsoft Windows Kernel Mode Drivers 安全漏洞 | CNNVD-202412-1154 | CVE-2024-49074 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49074 |
51 | Microsoft Windows Virtualization-Based Security (VBS) Enclave 安全漏洞 | CNNVD-202412-1290 | CVE-2024-49076 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076 |
52 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1298 | CVE-2024-49078 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49078 |
53 | Microsoft Windows Routing and Remote Access Service 安全漏洞 | CNNVD-202412-1162 | CVE-2024-49085 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49085 |
54 | Microsoft Windows Routing and Remote Access Service 安全漏洞 | CNNVD-202412-1165 | CVE-2024-49086 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086 |
55 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1168 | CVE-2024-49087 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49087 |
56 | Microsoft Windows Routing and Remote Access Service 安全漏洞 | CNNVD-202412-1172 | CVE-2024-49089 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49089 |
57 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202412-1320 | CVE-2024-49090 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49090 |
58 | Microsoft DNS Server 安全漏洞 | CNNVD-202412-1174 | CVE-2024-49091 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49091 |
59 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1179 | CVE-2024-49092 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49092 |
60 | Microsoft Windows Resilient File System 安全漏洞 | CNNVD-202412-1181 | CVE-2024-49093 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49093 |
61 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1184 | CVE-2024-49094 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094 |
62 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1197 | CVE-2024-49098 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098 |
63 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1212 | CVE-2024-49103 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49103 |
64 | Microsoft Windows Routing and Remote Access Service 安全漏洞 | CNNVD-202412-1214 | CVE-2024-49104 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104 |
65 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1217 | CVE-2024-49106 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49106 |
66 | Microsoft Windows Mobile Broadband Driver 安全漏洞 | CNNVD-202412-1330 | CVE-2024-49110 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49110 |
67 | Microsoft Windows Wireless Wide Area Network Service 安全漏洞 | CNNVD-202412-1227 | CVE-2024-49111 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49111 |
68 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1229 | CVE-2024-49115 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115 |
69 | Microsoft Hyper-V 安全漏洞 | CNNVD-202412-1232 | CVE-2024-49117 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49117 |
70 | Microsoft Windows Local Security Authority Subsystem Service 安全漏洞 | CNNVD-202412-1256 | CVE-2024-49126 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49126 |
71 | Microsoft Windows Remote Desktop Services 安全漏洞 | CNNVD-202412-1354 | CVE-2024-49128 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128 |
此次更新共包括4个更新漏洞的补丁程序,其中高危漏洞4个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft QUIC 安全漏洞 | CNNVD-202310-806 | CVE-2023-36435 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435 |
2 | Microsoft QUIC 安全漏洞 | CNNVD-202310-726 | CVE-2023-38171 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 |
3 | Microsoft Windows PowerShell 安全漏洞 | CNNVD-202407-770 | CVE-2024-38033 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38033 |
4 | Microsoft Winlogon 安全漏洞 | CNNVD-202410-755 | CVE-2024-43583 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583 |
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Apache HTTP/2 资源管理错误漏洞 | CNNVD-202310-667 | CVE-2023-44487 | 高危 | Apache基金会 | https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvd@itsec.gov.cn
声明:本文来自CNNVD安全动态,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
