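Microsoft recently published advisories for multiple security vulnerabilities: 77 in Microsoft's own products and 9 from other vendors that affect Microsoft products. They include the Microsoft Windows Remote Procedure Call security vulnerability (CNNVD-202303-1051, CVE-2023-21708), the Microsoft Windows HTTP Protocol Stack security vulnerability (CNNVD-202303-1026, CVE-2023-23392), and a number of others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On March 14, 2023, Microsoft released its March 2023 security update, with patches for 86 vulnerabilities in total; CNNVD has catalogued these vulnerabilities. The update mainly covers Microsoft Windows and Windows components, Microsoft PostScript Printer Driver, Microsoft Windows HTTP Protocol Stack, Microsoft Graphics Component, Microsoft Windows Hyper-V, Microsoft Windows Point-to-Point Tunneling Protocol, and others. CNNVD has rated their severity: 4 critical, 48 high, 32 medium and 1 low. Multiple Microsoft product and system versions are affected; the specific scope of impact can be looked up on Microsoft's official website: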
https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Vulnerability Details
This update includes patches for 74 newly added vulnerabilities: 4 critical, 42 high, 27 medium and 1 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Windows Remote Procedure Call security vulnerability | CNNVD-202303-1051 | CVE-2023-21708 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21708 |
| 2 | Microsoft Windows HTTP Protocol Stack security vulnerability | CNNVD-202303-1026 | CVE-2023-23392 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23392 |
| 3 | Microsoft Outlook security vulnerability | CNNVD-202303-1036 | CVE-2023-23397 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 |
| 4 | Microsoft Internet Control Message Protocol security vulnerability | CNNVD-202303-1075 | CVE-2023-23415 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 |
| 5 | Microsoft Service Fabric security vulnerability | CNNVD-202303-1016 | CVE-2023-23383 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
| 6 | Microsoft Windows Point-to-Point Protocol over Ethernet security vulnerability | CNNVD-202303-1017 | CVE-2023-23385 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23385 |
| 7 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202303-1019 | CVE-2023-23388 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23388 |
| 8 | Microsoft Windows BrokerInfrastructure security vulnerability | CNNVD-202303-1032 | CVE-2023-23393 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23393 |
| 9 | Microsoft Excel security vulnerability | CNNVD-202303-1038 | CVE-2023-23398 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
| 10 | Microsoft Excel security vulnerability | CNNVD-202303-1039 | CVE-2023-23399 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23399 |
| 11 | Microsoft DNS Server security vulnerability | CNNVD-202303-1054 | CVE-2023-23400 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23400 |
| 12 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202303-1056 | CVE-2023-23401 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23401 |
| 13 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202303-1057 | CVE-2023-23402 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23402 |
| 14 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1040 | CVE-2023-23403 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23403 |
| 15 | Microsoft Windows Point-to-Point Tunneling Protocol security vulnerability | CNNVD-202303-1058 | CVE-2023-23404 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23404 |
| 16 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202303-1060 | CVE-2023-23405 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23405 |
| 17 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1062 | CVE-2023-23406 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23406 |
| 18 | Microsoft Windows Point-to-Point Protocol over Ethernet security vulnerability | CNNVD-202303-1064 | CVE-2023-23407 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23407 |
| 19 | Microsoft HTTP.sys security vulnerability | CNNVD-202303-1072 | CVE-2023-23410 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410 |
| 20 | Microsoft Windows Accounts Control security vulnerability | CNNVD-202303-1087 | CVE-2023-23412 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23412 |
| 21 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1076 | CVE-2023-23413 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23413 |
| 22 | Microsoft Windows Point-to-Point Protocol over Ethernet security vulnerability | CNNVD-202303-1077 | CVE-2023-23414 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23414 |
| 23 | Microsoft Windows Cryptographic Services security vulnerability | CNNVD-202303-1079 | CVE-2023-23416 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416 |
| 24 | Microsoft Windows Partition Management Driver security vulnerability | CNNVD-202303-1073 | CVE-2023-23417 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23417 |
| 25 | Microsoft Windows Resilient File System (ReFS) security vulnerability | CNNVD-202303-1070 | CVE-2023-23418 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23418 |
| 26 | Microsoft Windows Resilient File System (ReFS) security vulnerability | CNNVD-202303-1068 | CVE-2023-23419 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23419 |
| 27 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1065 | CVE-2023-23420 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23420 |
| 28 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1063 | CVE-2023-23421 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23421 |
| 29 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1061 | CVE-2023-23422 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23422 |
| 30 | Microsoft Windows Kernel security vulnerability | CNNVD-202303-1059 | CVE-2023-23423 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23423 |
| 31 | Microsoft Windows Internet Key Exchange (IKE) Protocol security vulnerability | CNNVD-202303-1071 | CVE-2023-24859 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24859 |
| 32 | Microsoft Windows Win32K security vulnerability | CNNVD-202303-1052 | CVE-2023-24861 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24861 |
| 33 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1066 | CVE-2023-24864 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24864 |
| 34 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1046 | CVE-2023-24867 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24867 |
| 35 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1045 | CVE-2023-24868 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24868 |
| 36 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202303-1042 | CVE-2023-24869 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24869 |
| 37 | Microsoft Windows Bluetooth Service security vulnerability | CNNVD-202303-1041 | CVE-2023-24871 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24871 |
| 38 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1037 | CVE-2023-24872 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24872 |
| 39 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1035 | CVE-2023-24876 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24876 |
| 40 | Microsoft Edge security vulnerability | CNNVD-202303-1024 | CVE-2023-24892 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24892 |
| 41 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1018 | CVE-2023-24907 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24907 |
| 42 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202303-1015 | CVE-2023-24908 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24908 |
| 43 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1013 | CVE-2023-24909 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24909 |
| 44 | Microsoft Graphics Component security vulnerability | CNNVD-202303-1014 | CVE-2023-24910 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910 |
| 45 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1010 | CVE-2023-24913 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24913 |
| 46 | Microsoft OneDrive security vulnerability | CNNVD-202303-1001 | CVE-2023-24930 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24930 |
| 47 | Microsoft Defender security vulnerability | CNNVD-202303-1021 | CVE-2023-23389 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23389 |
| 48 | Microsoft Office for Android security vulnerability | CNNVD-202303-1023 | CVE-2023-23391 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23391 |
| 49 | Microsoft Client Server Run-time Subsystem (CSRSS) security vulnerability | CNNVD-202303-1029 | CVE-2023-23394 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23394 |
| 50 | Microsoft Excel security vulnerability | CNNVD-202303-1033 | CVE-2023-23396 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
| 51 | Microsoft Azure Apache Ambari security vulnerability | CNNVD-202303-1067 | CVE-2023-23408 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23408 |
| 52 | Microsoft Client Server Run-time Subsystem (CSRSS) security vulnerability | CNNVD-202303-1069 | CVE-2023-23409 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23409 |
| 53 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202303-1074 | CVE-2023-23411 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23411 |
| 54 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1044 | CVE-2023-24856 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24856 |
| 55 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1055 | CVE-2023-24857 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24857 |
| 56 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1053 | CVE-2023-24858 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24858 |
| 57 | Microsoft Windows Secure Channel security vulnerability | CNNVD-202303-1050 | CVE-2023-24862 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24862 |
| 58 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1049 | CVE-2023-24863 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24863 |
| 59 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1048 | CVE-2023-24865 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24865 |
| 60 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1047 | CVE-2023-24866 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24866 |
| 61 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1043 | CVE-2023-24870 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24870 |
| 62 | Microsoft Dynamics security vulnerability | CNNVD-202303-1031 | CVE-2023-24879 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24879 |
| 63 | Microsoft Defender SmartScreen security vulnerability | CNNVD-202303-1034 | CVE-2023-24880 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880 |
| 64 | Microsoft OneDrive security vulnerability | CNNVD-202303-1028 | CVE-2023-24882 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24882 |
| 65 | Microsoft OneDrive security vulnerability | CNNVD-202303-1027 | CVE-2023-24890 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24890 |
| 66 | Microsoft Dynamics security vulnerability | CNNVD-202303-1025 | CVE-2023-24891 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24891 |
| 67 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1020 | CVE-2023-24906 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24906 |
| 68 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1011 | CVE-2023-24911 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24911 |
| 69 | Microsoft Dynamics security vulnerability | CNNVD-202303-1008 | CVE-2023-24919 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24919 |
| 70 | Microsoft Dynamics security vulnerability | CNNVD-202303-1007 | CVE-2023-24920 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24920 |
| 71 | Microsoft Dynamics security vulnerability | CNNVD-202303-1006 | CVE-2023-24921 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24921 |
| 72 | Microsoft Dynamics security vulnerability | CNNVD-202303-1005 | CVE-2023-24922 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24922 |
| 73 | Microsoft OneDrive security vulnerability | CNNVD-202303-1004 | CVE-2023-24923 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24923 |
| 74 | Microsoft SharePoint security vulnerability | CNNVD-202303-1030 | CVE-2023-23395 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395 |
This update includes patches for 3 updated vulnerabilities: 2 high and 1 medium.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Hyper-V security vulnerability | CNNVD-202204-3177 | CVE-2022-23257 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23257 |
| 2 | Microsoft Dynamics security vulnerability | CNNVD-202212-3159 | CVE-2022-41127 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127 |
| 3 | Windows DCOM Server security feature issue vulnerability | CNNVD-202106-546 | CVE-2021-26414 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 |
This update includes patches for 9 vulnerabilities from other vendors that affect Microsoft products: 4 high, 4 medium and 1 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | TCG TPM buffer error vulnerability | CNNVD-202302-2422 | CVE-2023-1017 | High | TCG | https://trustedcomputinggroup.org/resource/errata-for-tpm-library-specification-2-0/ |
| 2 | Git code issue vulnerability | CNNVD-202302-1069 | CVE-2023-22743 | High | Git | https://github.com/git-for-windows/git/security/advisories/GHSA-p2x9-prp4-8gvq |
| 3 | Git code issue vulnerability | CNNVD-202302-1071 | CVE-2023-23618 | High | Git | https://github.com/git-for-windows/git/commit/49a8ec9dac3cec6602f05fed1b3f80a549c8c05c |
| 4 | Git path traversal vulnerability | CNNVD-202302-1164 | CVE-2023-23946 | High | Git | https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd |
| 5 | Multiple AMD processors security vulnerability | CNNVD-202207-891 | CVE-2022-23825 | Medium | AMD | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |
| 6 | curl resource management error vulnerability | CNNVD-202212-3687 | CVE-2022-43552 | Medium | Individual developer | https://curl.se/docs/CVE-2022-43552.html |
| 7 | TCG TPM buffer error vulnerability | CNNVD-202302-2314 | CVE-2023-1018 | Medium | TCG | https://trustedcomputinggroup.org/resource/errata-for-tpm-library-specification-2-0/ |
| 8 | Git link following vulnerability | CNNVD-202302-1136 | CVE-2023-22490 | Medium | Individual developer | https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd |
| 9 | AMD CPU security vulnerability | CNNVD-202207-892 | CVE-2022-23816 | Low | AMD | https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |
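III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address: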
https://msrc.microsoft.com/update-guide/en-us
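CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. If needed, contact CNNVD. Contact: cnnvdvul@itsec.gov.cn
Source: China National Vulnerability Database of Information Security (CNNVD)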