近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞101个,影响到微软产品的其他厂商漏洞1个。包括Microsoft Message Queuing 安全漏洞(CNNVD-202304-852、CVE-2023-21554)、Microsoft Windows PGM 安全漏洞(CNNVD-202304-844、CVE-2023-28250)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年4月11日,微软发布了2023年4月份安全更新,共102个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Secure Channel、Microsoft Defender、Microsoft Windows Boot Manager、Microsoft OLE DB Provider for SQL Server、Microsoft Windows ALPC等。CNNVD对其危害等级进行了评价,其中超危漏洞3个,高危漏洞68个,中危漏洞31个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括97个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞66个,中危漏洞29个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Message Queuing 安全漏洞 | CNNVD-202304-852 | CVE-2023-21554 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554 |
2 | Microsoft Windows PGM 安全漏洞 | CNNVD-202304-844 | CVE-2023-28250 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28250 |
3 | Microsoft Windows RPC API 安全漏洞 | CNNVD-202304-811 | CVE-2023-21727 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21727 |
4 | Microsoft Message Queuing 安全漏洞 | CNNVD-202304-816 | CVE-2023-21769 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21769 |
5 | Microsoft SQL Server 安全漏洞 | CNNVD-202304-854 | CVE-2023-23375 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23375 |
6 | Microsoft SQL Server 安全漏洞 | CNNVD-202304-914 | CVE-2023-23384 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384 |
7 | Microsoft Defender 安全漏洞 | CNNVD-202304-855 | CVE-2023-24860 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24860 |
8 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-866 | CVE-2023-24884 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24884 |
9 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-877 | CVE-2023-24885 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24885 |
10 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-873 | CVE-2023-24886 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24886 |
11 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-878 | CVE-2023-24887 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24887 |
12 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202304-849 | CVE-2023-24893 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24893 |
13 | Microsoft Graphics Component 安全漏洞 | CNNVD-202304-857 | CVE-2023-24912 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24912 |
14 | Microsoft Windows Win32K 安全漏洞 | CNNVD-202304-819 | CVE-2023-24914 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24914 |
15 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-859 | CVE-2023-24924 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24924 |
16 | Microsoft PostScript Printer Driver 安全漏洞 | CNNVD-202304-864 | CVE-2023-24925 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24925 |
17 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-867 | CVE-2023-24926 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24926 |
18 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-871 | CVE-2023-24927 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24927 |
19 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-875 | CVE-2023-24928 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24928 |
20 | Microsoft PostScript Printer Driver 安全漏洞 | CNNVD-202304-879 | CVE-2023-24929 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24929 |
21 | Microsoft Windows Secure Channel 安全漏洞 | CNNVD-202304-822 | CVE-2023-24931 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24931 |
22 | Microsoft Windows ALPC 安全漏洞 | CNNVD-202304-824 | CVE-2023-28216 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28216 |
23 | Microsoft Windows Network Address Translation (NAT) 安全漏洞 | CNNVD-202304-826 | CVE-2023-28217 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28217 |
24 | Microsoft Windows Ancillary Function Driver for WinSock安全漏洞 | CNNVD-202304-828 | CVE-2023-28218 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28218 |
25 | Microsoft Windows 安全漏洞 | CNNVD-202304-881 | CVE-2023-28219 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28219 |
26 | Microsoft Windows 安全漏洞 | CNNVD-202304-883 | CVE-2023-28220 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28220 |
27 | Microsoft Windows Error Reporting 安全漏洞 | CNNVD-202304-830 | CVE-2023-28221 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28221 |
28 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-832 | CVE-2023-28222 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28222 |
29 | Microsoft Windows Point-to-Point Protocol over Ethernet 安全漏洞 | CNNVD-202304-887 | CVE-2023-28224 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28224 |
30 | Microsoft Windows NTLM 安全漏洞 | CNNVD-202304-884 | CVE-2023-28225 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28225 |
31 | Microsoft Bluetooth Driver 安全漏洞 | CNNVD-202304-882 | CVE-2023-28227 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28227 |
32 | Microsoft Windows CNG Key Isolation Service 安全漏洞 | CNNVD-202304-876 | CVE-2023-28229 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229 |
33 | Microsoft Windows DHCP Server 安全漏洞 | CNNVD-202304-874 | CVE-2023-28231 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28231 |
34 | Microsoft Windows Point-to-Point Tunneling Protocol安全漏洞 | CNNVD-202304-872 | CVE-2023-28232 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28232 |
35 | Microsoft Windows Secure Channel 安全漏洞 | CNNVD-202304-870 | CVE-2023-28233 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28233 |
36 | Microsoft Windows Transport Security Layer 安全漏洞 | CNNVD-202304-869 | CVE-2023-28234 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28234 |
37 | Microsoft Windows ALPC 安全漏洞 | CNNVD-202304-865 | CVE-2023-28236 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28236 |
38 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-862 | CVE-2023-28237 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28237 |
39 | Microsoft Windows Internet Key Exchange 安全漏洞 | CNNVD-202304-860 | CVE-2023-28238 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28238 |
40 | Microsoft Windows Network Load Balancing 安全漏洞 | CNNVD-202304-858 | CVE-2023-28240 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28240 |
41 | Microsoft Windows Secure Socket Tunneling Protocol 安全漏洞 | CNNVD-202304-856 | CVE-2023-28241 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28241 |
42 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-853 | CVE-2023-28243 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28243 |
43 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202304-851 | CVE-2023-28244 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28244 |
44 | Microsoft Windows Registry 安全漏洞 | CNNVD-202304-850 | CVE-2023-28246 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28246 |
45 | Microsoft Windows Network File System 安全漏洞 | CNNVD-202304-848 | CVE-2023-28247 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28247 |
46 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-846 | CVE-2023-28248 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28248 |
47 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202304-845 | CVE-2023-28252 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252 |
48 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-842 | CVE-2023-28254 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28254 |
49 | Microsoft .NET Core 安全漏洞 | CNNVD-202304-838 | CVE-2023-28260 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260 |
50 | Microsoft Visual Studio 安全漏洞 | CNNVD-202304-837 | CVE-2023-28262 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262 |
51 | Microsoft Windows Netlogon安全漏洞 | CNNVD-202304-831 | CVE-2023-28268 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28268 |
52 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-823 | CVE-2023-28272 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28272 |
53 | Microsoft Windows Clip Service 安全漏洞 | CNNVD-202304-821 | CVE-2023-28273 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28273 |
54 | Microsoft Windows Win32K 安全漏洞 | CNNVD-202304-818 | CVE-2023-28274 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28274 |
55 | Microsoft OLE DB Provider for SQL Server 安全漏洞 | CNNVD-202304-817 | CVE-2023-28275 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28275 |
56 | Microsoft Office 安全漏洞 | CNNVD-202304-810 | CVE-2023-28285 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28285 |
57 | Microsoft Publisher 安全漏洞 | CNNVD-202304-835 | CVE-2023-28287 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28287 |
58 | Microsoft Windows Raw Image Extension 安全漏洞 | CNNVD-202304-809 | CVE-2023-28291 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28291 |
59 | Microsoft Windows Raw Image Extension 安全漏洞 | CNNVD-202304-806 | CVE-2023-28292 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28292 |
60 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-807 | CVE-2023-28293 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28293 |
61 | Microsoft Publisher 安全漏洞 | CNNVD-202304-840 | CVE-2023-28295 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28295 |
62 | Microsoft Visual Studio 安全漏洞 | CNNVD-202304-805 | CVE-2023-28296 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296 |
63 | Microsoft Windows 安全漏洞 | CNNVD-202304-804 | CVE-2023-28297 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28297 |
64 | Microsoft Azure 安全漏洞 | CNNVD-202304-802 | CVE-2023-28300 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28300 |
65 | Microsoft Message Queuing 安全漏洞 | CNNVD-202304-799 | CVE-2023-28302 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28302 |
66 | Microsoft SQL Server 安全漏洞 | CNNVD-202304-803 | CVE-2023-28304 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28304 |
67 | Microsoft Dynamics 安全漏洞 | CNNVD-202304-794 | CVE-2023-28309 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28309 |
68 | Microsoft Word 安全漏洞 | CNNVD-202304-792 | CVE-2023-28311 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311 |
69 | Microsoft Windows RPC API 安全漏洞 | CNNVD-202304-813 | CVE-2023-21729 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21729 |
70 | Microsoft PostScript Printer Driver安全漏洞 | CNNVD-202304-861 | CVE-2023-24883 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24883 |
71 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-886 | CVE-2023-28223 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28223 |
72 | Microsoft Windows Enroll Engine 安全漏洞 | CNNVD-202304-885 | CVE-2023-28226 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28226 |
73 | Microsoft Windows RDP Client 安全漏洞 | CNNVD-202304-880 | CVE-2023-28228 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28228 |
74 | Microsoft Windows Lock Screen 安全漏洞 | CNNVD-202304-868 | CVE-2023-28235 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28235 |
75 | Microsoft Windows Boot Manager 安全漏洞 | CNNVD-202304-847 | CVE-2023-28249 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28249 |
76 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-843 | CVE-2023-28253 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28253 |
77 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-841 | CVE-2023-28255 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28255 |
78 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-839 | CVE-2023-28256 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28256 |
79 | Microsoft Visual Studio 安全漏洞 | CNNVD-202304-836 | CVE-2023-28263 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263 |
80 | Microsoft Windows Common Log File System Driver 安全漏洞 | CNNVD-202304-834 | CVE-2023-28266 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28266 |
81 | Microsoft Windows RDP Client 安全漏洞 | CNNVD-202304-833 | CVE-2023-28267 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267 |
82 | Microsoft Windows Boot Manager 安全漏洞 | CNNVD-202304-829 | CVE-2023-28269 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28269 |
83 | Microsoft Windows 安全漏洞 | CNNVD-202304-827 | CVE-2023-28270 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28270 |
84 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-825 | CVE-2023-28271 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28271 |
85 | Microsoft Windows Group Policy 安全漏洞 | CNNVD-202304-814 | CVE-2023-28276 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28276 |
86 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-812 | CVE-2023-28277 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28277 |
87 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-815 | CVE-2023-28278 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28278 |
88 | Microsoft SharePoint 安全漏洞 | CNNVD-202304-808 | CVE-2023-28288 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288 |
89 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202304-801 | CVE-2023-28298 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28298 |
90 | Microsoft Visual Studio 安全漏洞 | CNNVD-202304-800 | CVE-2023-28299 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299 |
91 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-798 | CVE-2023-28305 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28305 |
92 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-797 | CVE-2023-28306 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28306 |
93 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-796 | CVE-2023-28307 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28307 |
94 | Microsoft Windows DNS 安全漏洞 | CNNVD-202304-795 | CVE-2023-28308 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28308 |
95 | Microsoft Azure Machine Learning 安全漏洞 | CNNVD-202304-791 | CVE-2023-28312 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28312 |
96 | Microsoft Dynamics 安全漏洞 | CNNVD-202304-790 | CVE-2023-28313 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28313 |
97 | Microsoft Dynamics 安全漏洞 | CNNVD-202304-789 | CVE-2023-28314 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28314 |
此次更新共包括4个更新漏洞的补丁程序,其中超危漏洞1个,高危漏洞2个,中危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Windows 输入验证错误漏洞 | CNNVD-201312-181 | CVE-2013-3900 | 超危 | http://technet.microsoft.com/en-us/security/bulletin/ms13-098 |
2 | Microsoft Windows Active Directory 权限许可和访问控制问题漏洞 | CNNVD-202205-2850 | CVE-2022-26923 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923 |
3 | Microsoft Windows Netlogon 安全漏洞 | CNNVD-202211-2274 | CVE-2022-38023 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 |
4 | Microsoft .NET Core 安全漏洞 | CNNVD-202208-2486 | CVE-2022-34716 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34716 |
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | curl 资源管理错误漏洞 | CNNVD-202212-3687 | CVE-2022-43552 | 中危 | 个人开发者 | https://curl.se/docs/CVE-2022-43552.html |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
