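March 2023 Cybersecurity Risk Advisory
【Vulnerability Announcement】
Microsoft recently released its March security update announcement, which contains security patches for multiple products in the Microsoft family, including patches for CVE vulnerabilities in Microsoft Outlook, Windows SmartScreen, Internet Control Message Protocol, Windows HTTP.sys and others. By exploiting these vulnerabilities, an attacker can bypass security feature restrictions, obtain sensitive information, elevate privileges, execute remote code, or launch denial-of-service attacks. Our center reminds all faculty, staff and student users across the university to download and install the patches as soon as possible to avoid network security incidents related to these vulnerabilities.
Reference link:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
According to the announcement, the following vulnerabilities fixed in this update carry higher risk: the Internet Control Message Protocol (ICMP) remote code execution vulnerability (CVE-2023-23415), the Windows Cryptographic Services remote code execution vulnerability (CVE-2023-23416), the HTTP Protocol Stack remote code execution vulnerability (CVE-2023-23392), the Windows Hyper-V denial of service vulnerability (CVE-2023-23411), the TPM2.0 Module Library elevation of privilege vulnerabilities (CVE-2023-1017, CVE-2023-1018), the Windows Point-to-Point Tunneling Protocol remote code execution vulnerability (CVE-2023-23404), the Remote Procedure Call Runtime remote code execution vulnerability (CVE-2023-21708), the Windows Graphics Component elevation of privilege vulnerability (CVE-2023-24861), the Windows HTTP.sys elevation of privilege vulnerability (CVE-2023-23410), and the Windows HTTP.sys elevation of privilege vulnerability (CVE-2023-23398). Among these, the Microsoft Outlook elevation of privilege vulnerability (CVE-2023-23397) and the Windows SmartScreen security feature bypass vulnerability (CVE-2023-24880) are being exploited in the wild. Install the security updates as soon as possible, or apply temporary mitigations to harden affected systems.
Related reference link:
https://msrc.microsoft.com/update-guide/vulnerability/
【Affected Scope】
Microsoft Outlook elevation of privilege vulnerability (CVE-2023-23397):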
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Windows SmartScreen security feature bypass vulnerability (CVE-2023-24880):
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Internet Control Message Protocol (ICMP) remote code execution vulnerability (CVE-2023-23415):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Cryptographic Services remote code execution vulnerability (CVE-2023-23416):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
HTTP Protocol Stack remote code execution vulnerability (CVE-2023-23392):
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Hyper-V denial of service vulnerability (CVE-2023-23411):
Windows 10 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
TPM2.0 Module Library elevation of privilege vulnerabilities (CVE-2023-1017, CVE-2023-1018):
Windows 10 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows Point-to-Point Tunneling Protocol remote code execution vulnerability (CVE-2023-23404):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Remote Procedure Call Runtime remote code execution vulnerability (CVE-2023-21708):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Graphics Component elevation of privilege vulnerability (CVE-2023-24861):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows HTTP.sys elevation of privilege vulnerability (CVE-2023-23410):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Microsoft Excel spoofing vulnerability (CVE-2023-23398):
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
March security bulletin list: quick-reference guide to the other vulnerabilities it contains (not exhaustive):
https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
CVE-2023-23408|Azure Apache Ambari spoofing vulnerability
CVE-2023-23409|Client Server Run-time Subsystem (CSRSS) information disclosure vulnerability
CVE-2023-23394|Client Server Run-time Subsystem (CSRSS) information disclosure vulnerability
CVE-2023-23388|Windows Bluetooth Driver elevation of privilege vulnerability
CVE-2023-24920|Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability
CVE-2023-24879|Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability
CVE-2023-24919|Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability
CVE-2023-24891|Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability
CVE-2023-24922|Microsoft Dynamics 365 information disclosure vulnerability
CVE-2023-24921|Microsoft Dynamics 365 (on-premises) cross-site scripting vulnerability
CVE-2023-24892|Microsoft Edge (Chromium-based) Webview2 spoofing vulnerability
CVE-2023-24910|Windows Graphics Component elevation of privilege vulnerability
CVE-2023-23396|Microsoft Excel denial of service vulnerability
CVE-2023-23399|Microsoft Excel remote code execution vulnerability
CVE-2023-23395|Microsoft SharePoint Server spoofing vulnerability
CVE-2023-24890|Microsoft OneDrive for iOS security feature bypass vulnerability
CVE-2023-24930|Microsoft OneDrive for MacOS elevation of privilege vulnerability
CVE-2023-24882|Microsoft OneDrive for Android information disclosure vulnerability
CVE-2023-24923|Microsoft OneDrive for Android information disclosure vulnerability
CVE-2023-24907|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24857|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24868|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24872|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24876|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24913|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24864|Microsoft PostScript and PCL6 Class Printer Driver elevation of privilege vulnerability
CVE-2023-24866|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24906|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24867|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24863|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24858|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24911|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24870|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24909|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-23406|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-23413|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-24856|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-24865|Microsoft PostScript and PCL6 Class Printer Driver information disclosure vulnerability
CVE-2023-23403|Microsoft PostScript and PCL6 Class Printer Driver remote code execution vulnerability
CVE-2023-23401|Windows Media remote code execution vulnerability
CVE-2023-23402|Windows Media remote code execution vulnerability
CVE-2023-23391|Office for Android spoofing vulnerability
CVE-2023-23400|Windows DNS Server remote code execution vulnerability
CVE-2023-23383|Service Fabric Explorer spoofing vulnerability
CVE-2023-23412|Windows Accounts Picture elevation of privilege vulnerability
CVE-2023-24871|Windows Bluetooth Service remote code execution vulnerability
CVE-2023-23393|Windows BrokerInfrastructure Service elevation of privilege vulnerability
CVE-2023-23389|Microsoft Defender elevation of privilege vulnerability
CVE-2023-24859|Windows Internet Key Exchange (IKE) Extension denial of service vulnerability
CVE-2023-23420|Windows Kernel elevation of privilege vulnerability
CVE-2023-23422|Windows Kernel elevation of privilege vulnerability
CVE-2023-23421|Windows Kernel elevation of privilege vulnerability
CVE-2023-23423|Windows Kernel elevation of privilege vulnerability
CVE-2023-23417|Windows Partition Management Driver elevation of privilege vulnerability
CVE-2023-23407|Windows Point-to-Point Protocol over Ethernet (PPPoE) remote code execution vulnerability
CVE-2023-23385|Windows Point-to-Point Protocol over Ethernet (PPPoE) elevation of privilege vulnerability
CVE-2023-23414|Windows Point-to-Point Protocol over Ethernet (PPPoE) remote code execution vulnerability
CVE-2023-23405|Remote Procedure Call Runtime remote code execution vulnerability
CVE-2023-24869|Remote Procedure Call Runtime remote code execution vulnerability
CVE-2023-24908|Remote Procedure Call Runtime remote code execution vulnerability
CVE-2023-23419|Windows Resilient File System (ReFS) elevation of privilege vulnerability
CVE-2023-23418|Windows Resilient File System (ReFS) elevation of privilege vulnerability
CVE-2023-24862|Windows Secure Channel denial of service vulnerability
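【Vulnerability Descriptions】
Microsoft Outlook elevation of privilege vulnerability (CVE-2023-23397):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| Yes | Public | Not public | Detected |

Microsoft Outlook has an elevation of privilege vulnerability. An unauthenticated remote attacker can send a specially crafted email to a victim, causing the victim to connect to an external UNC location controlled by the attacker. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim. Notably, the vulnerability is triggered automatically when the email server retrieves and processes the email (for example, before the email is viewed in the preview pane).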
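Windows SmartScreen security feature bypass vulnerability (CVE-2023-24880):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| Yes | Public | Not public | Detected |

Windows SmartScreen has a security feature bypass vulnerability. An unauthenticated remote attacker can trick a victim into opening a specially crafted file and bypass the Mark of the Web (MOTW) defense. This vulnerability has been used in attacks in the wild.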
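Internet Control Message Protocol (ICMP) remote code execution vulnerability (CVE-2023-23415):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Internet Control Message Protocol (ICMP) has a remote code execution vulnerability. An unauthenticated remote attacker can exploit it by sending specially crafted ICMP packets to the target system; successful exploitation may result in arbitrary code execution on the target system. Triggering the vulnerability has a precondition: an application bound to a raw socket must be running on the target host.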
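Windows Cryptographic Services remote code execution vulnerability (CVE-2023-23416):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Windows Cryptographic Services has a remote code execution vulnerability. Exploiting it requires a malicious certificate to be imported on the affected system. An attacker can upload a certificate to a service that processes or imports certificates, or persuade a user to import a certificate on their system. Successful exploitation allows arbitrary code execution on the target system with that user's privileges.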
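HTTP Protocol Stack remote code execution vulnerability (CVE-2023-23392):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

The HTTP Protocol Stack has a remote code execution vulnerability. An unauthenticated remote attacker can send specially crafted packets to the target server; successful exploitation results in arbitrary code execution on the target server. The prerequisite for a server to be vulnerable is that the binding has HTTP/3 enabled and the server uses buffered I/O.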
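Windows Hyper-V denial of service vulnerability (CVE-2023-23411):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Windows Hyper-V has a denial of service vulnerability. An authenticated attacker can exploit it to cause a denial of service on the Hyper-V host.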
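TPM2.0 Module Library elevation of privilege vulnerabilities (CVE-2023-1017, CVE-2023-1018):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

TPM2.0 Module Library has out-of-bounds write vulnerabilities (CVE-2023-1017, CVE-2023-1018). An authenticated attacker can write two bytes out of bounds in a buffer, which can lead to denial of service or arbitrary code execution in the TPM context. An authenticated attacker in a guest VM can exploit this vulnerability by sending specially crafted TPM commands to Hyper-V; successful exploitation may yield elevated privileges.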
Windows Point-to-Point Tunneling Protocol remote code execution vulnerability (CVE-2023-23404):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Windows Point-to-Point Tunneling Protocol has a remote code execution vulnerability. An unauthenticated remote attacker can send a specially crafted connection request to a target RAS server; successful exploitation allows arbitrary code execution on the target system.
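Remote Procedure Call Runtime remote code execution vulnerability (CVE-2023-21708):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Remote Procedure Call Runtime has a remote code execution vulnerability. An unauthenticated attacker can send a specially crafted RPC call to a target RPC host. Successful exploitation allows remote code execution on the server side with the same privileges as the RPC service. Blocking TCP port 135 at the enterprise perimeter firewall can reduce the likelihood of some potential attacks against this vulnerability.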
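Windows Graphics Component elevation of privilege vulnerability (CVE-2023-24861):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

The Windows Graphics Component has an elevation of privilege vulnerability. An authenticated attacker can exploit it by running a specially crafted program on the target system; successful exploitation can elevate privileges to SYSTEM.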
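Windows HTTP.sys elevation of privilege vulnerability (CVE-2023-23410):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Windows HTTP.sys has an elevation of privilege vulnerability. An authenticated attacker can exploit it to elevate privileges to SYSTEM.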
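Microsoft Excel spoofing vulnerability (CVE-2023-23398):

| Details public | PoC status | Exploit status | Exploited in the wild |
|---|---|---|---|
| No | Not public | Not public | Not detected |

Microsoft Excel has a spoofing vulnerability. An unauthenticated attacker can induce a user to open a specially crafted file and then click "Enable Content" in the security warning prompt. An attacker who successfully exploits this vulnerability can trick the user into enabling content that they are unable to inspect.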
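【Mitigation Measures】
High risk: although the vulnerability details have not yet been made public, malicious attackers can locate the vulnerability trigger points by patch diffing and go on to develop exploit code. Microsoft has released the relevant security updates; given the severity of the vulnerabilities, affected users are advised to apply the fixes as soon as possible. DAS-Security (安恒信息) will add the relevant attack detection and protection capabilities in routine product updates.
(1) Windows Update:
Automatic update:
Microsoft Update is enabled by default. When the system detects available updates, it downloads them automatically and installs them at the next startup.
Manual update:
1. Click the Start menu or press the Windows key, then open "Settings".
2. Select "Update & Security" and go to "Windows Update" (on Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, "Windows Update" can be reached through Control Panel: "Control Panel" -> "System and Security" -> "Windows Update").
3. Select "Check for updates" and wait for the system to check for and download available updates automatically.
4. Restart the computer to install the updates. After the system restarts, go to "Windows Update" -> "View update history" to check whether the updates were installed successfully.
(2) Microsoft has released patches for supported products that fix the vulnerabilities above. Refer to the official advisory and download the update patches promptly.
Patch download: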
https://msrc.microsoft.com/update-guide/vulnerability
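
The update-history check in step 4 and two of the conditions named in the descriptions above (HTTP/3 enabled for CVE-2023-23392, TCP port 135 for CVE-2023-21708) can also be read from PowerShell. This is an added example, not part of the original advisory; the cutoff date, the function names and the `EnableHttp3` registry value (the switch Microsoft documents for turning on HTTP/3 in HTTP.sys) are assumptions that do not appear on the page.

```powershell
# Added example: read-only host audit. Run in an elevated PowerShell session.
param(
    # Assumption: 2023-03-14, the second Tuesday of March 2023. Adjust as needed.
    [datetime]$Cutoff = '2023-03-14'
)

function Get-UpdatesSince {
    param([datetime]$Since)
    # InstalledOn is the install date, not the release date, so the HotFixID
    # values still have to be compared with the KB numbers in the MSRC guide.
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, Description, InstalledOn
}

function Test-Http3Enabled {
    # CVE-2023-23392 precondition per the advisory: the binding has HTTP/3 enabled.
    # Assumption: HTTP/3 is switched on through the EnableHttp3 DWORD below.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $prop = Get-ItemProperty -Path $key -Name EnableHttp3 -ErrorAction SilentlyContinue
    return [bool]($prop -and $prop.EnableHttp3 -eq 1)
}

function Get-Rpc135Exposure {
    # CVE-2023-21708: the advisory recommends blocking TCP 135 at the perimeter.
    # This only shows the host side: is the port listening, and which enabled
    # inbound allow rules of the Windows firewall name it explicitly.
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort 135 `
                       -ErrorAction SilentlyContinue).Count -gt 0

    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '135' -or $_.LocalPort -contains 'RPCEPMap' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        } |
        Select-Object -ExpandProperty DisplayName

    [pscustomobject]@{
        Listening         = $listening
        InboundAllowRules = @($rules)
    }
}

$rpc = Get-Rpc135Exposure
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    Cutoff             = $Cutoff.ToString('yyyy-MM-dd')
    UpdatesSinceCutoff = @(Get-UpdatesSince -Since $Cutoff | ForEach-Object HotFixID) -join ', '
    Http3Enabled       = Test-Http3Enabled
    Rpc135Listening    = $rpc.Listening
    Rpc135AllowRules   = $rpc.InboundAllowRules -join '; '
} | Format-List
```

An empty `UpdatesSinceCutoff` means no update has been installed since the cutoff. The perimeter firewall itself still has to be checked separately for the TCP 135 block.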