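Microsoft recently published advisories for multiple security vulnerabilities: 51 in Microsoft's own products and 1 in another vendor's product that affects Microsoft products. They include the Microsoft Windows Network File System security vulnerability (CNNVD-202305-749, CVE-2023-24941) and the Microsoft Windows PGM security vulnerability (CNNVD-202305-747, CVE-2023-24943), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.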
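I. Vulnerability Overview
On May 9, 2023, Microsoft released its May 2023 security updates, with patches for 52 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers Microsoft Windows and Windows components, Microsoft Bluetooth Driver, Microsoft Teams, Microsoft Windows Win32K, Microsoft Remote Desktop Client, Microsoft Windows Codecs Library, and others. CNNVD has rated their severity: 3 critical, 32 high, 16 medium and 1 low. Multiple Microsoft product and system versions are affected; the specific scope of impact can be looked up on Microsoft's official website: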
https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Vulnerability Details
This update includes patches for 38 newly added vulnerabilities: 2 critical, 24 high, 11 medium and 1 low.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Windows Network File System security vulnerability | CNNVD-202305-749 | CVE-2023-24941 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941 |
| 2 | Microsoft Windows PGM security vulnerability | CNNVD-202305-747 | CVE-2023-24943 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943 |
| 3 | Microsoft Windows SMB security vulnerability | CNNVD-202305-765 | CVE-2023-24898 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24898 |
| 4 | Microsoft Graphics Component security vulnerability | CNNVD-202305-764 | CVE-2023-24899 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24899 |
| 5 | Microsoft Windows NFS Portmapper security vulnerability | CNNVD-202305-768 | CVE-2023-24901 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24901 |
| 6 | Microsoft Windows Win32K security vulnerability | CNNVD-202305-766 | CVE-2023-24902 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24902 |
| 7 | Microsoft Windows Secure Socket Tunneling Protocol security vulnerability | CNNVD-202305-770 | CVE-2023-24903 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903 |
| 8 | Microsoft Windows Installer security vulnerability | CNNVD-202305-771 | CVE-2023-24904 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24904 |
| 9 | Microsoft Remote Desktop Client security vulnerability | CNNVD-202305-769 | CVE-2023-24905 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24905 |
| 10 | Microsoft Windows NFS Portmapper security vulnerability | CNNVD-202305-761 | CVE-2023-24939 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24939 |
| 11 | Microsoft Windows PGM security vulnerability | CNNVD-202305-750 | CVE-2023-24940 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24940 |
| 12 | Microsoft Windows Remote Procedure Call Runtime security vulnerability | CNNVD-202305-748 | CVE-2023-24942 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24942 |
| 13 | Microsoft Windows Backup Engine security vulnerability | CNNVD-202305-744 | CVE-2023-24946 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24946 |
| 14 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202305-743 | CVE-2023-24947 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24947 |
| 15 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202305-742 | CVE-2023-24948 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24948 |
| 16 | Microsoft Windows Kernel security vulnerability | CNNVD-202305-741 | CVE-2023-24949 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24949 |
| 17 | Microsoft Excel security vulnerability | CNNVD-202305-739 | CVE-2023-24953 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953 |
| 18 | Microsoft SharePoint security vulnerability | CNNVD-202305-737 | CVE-2023-24955 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955 |
| 19 | Microsoft Lightweight Directory Access Protocol security vulnerability | CNNVD-202305-735 | CVE-2023-28283 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283 |
| 20 | Microsoft Windows OLE security vulnerability | CNNVD-202305-731 | CVE-2023-29325 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325 |
| 21 | Microsoft Word security vulnerability | CNNVD-202305-730 | CVE-2023-29335 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335 |
| 22 | Microsoft Windows Win32K security vulnerability | CNNVD-202305-733 | CVE-2023-29336 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336 |
| 23 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202305-727 | CVE-2023-29340 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29340 |
| 24 | Microsoft Windows Codecs Library security vulnerability | CNNVD-202305-726 | CVE-2023-29341 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29341 |
| 25 | Microsoft SysInternals security vulnerability | CNNVD-202305-725 | CVE-2023-29343 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343 |
| 26 | Microsoft Office security vulnerability | CNNVD-202305-797 | CVE-2023-29344 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29344 |
| 27 | Microsoft Windows NTLM security vulnerability | CNNVD-202305-763 | CVE-2023-24900 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24900 |
| 28 | Microsoft Windows Secure Boot security vulnerability | CNNVD-202305-767 | CVE-2023-24932 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932 |
| 29 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202305-746 | CVE-2023-24944 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24944 |
| 30 | Microsoft Windows iSCSI Target Service security vulnerability | CNNVD-202305-745 | CVE-2023-24945 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24945 |
| 31 | Microsoft SharePoint security vulnerability | CNNVD-202305-740 | CVE-2023-24950 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950 |
| 32 | Microsoft SharePoint security vulnerability | CNNVD-202305-738 | CVE-2023-24954 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954 |
| 33 | Microsoft Windows Secure Boot security vulnerability | CNNVD-202305-736 | CVE-2023-28251 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28251 |
| 34 | Microsoft Remote Desktop Client security vulnerability | CNNVD-202305-734 | CVE-2023-28290 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28290 |
| 35 | Microsoft Windows MSHTML Platform security vulnerability | CNNVD-202305-732 | CVE-2023-29324 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29324 |
| 36 | Microsoft Visual Studio Code security vulnerability | CNNVD-202305-728 | CVE-2023-29338 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29338 |
| 37 | Microsoft Teams security vulnerability | CNNVD-202305-829 | CVE-2023-24881 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24881 |
| 38 | Microsoft Office Access security vulnerability | CNNVD-202305-729 | CVE-2023-29333 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29333 |

This update includes patches for 13 updated vulnerabilities: 1 critical, 8 high and 4 medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Windows input validation error vulnerability | CNNVD-201312-181 | CVE-2013-3900 | Critical | http://technet.microsoft.com/en-us/security/bulletin/ms13-098 |
| 2 | Microsoft Outlook buffer error vulnerability | CNNVD-202104-839 | CVE-2021-28452 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28452 |
| 3 | Microsoft Windows race condition vulnerability | CNNVD-202209-922 | CVE-2022-26928 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26928 |
| 4 | Microsoft Excel security vulnerability | CNNVD-202211-2256 | CVE-2022-41104 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104 |
| 5 | Microsoft Graphics Component security vulnerability | CNNVD-202212-3012 | CVE-2022-41121 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121 |
| 6 | Microsoft Office Visio security vulnerability | CNNVD-202301-760 | CVE-2023-21738 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21738 |
| 7 | Microsoft Visual Studio Code security vulnerability | CNNVD-202301-708 | CVE-2023-21779 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21779 |
| 8 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1053 | CVE-2023-24858 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24858 |
| 9 | Microsoft Edge input validation error vulnerability | CNNVD-202303-1024 | CVE-2023-24892 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24892 |
| 10 | Microsoft Service Fabric security vulnerability | CNNVD-202303-1016 | CVE-2023-23383 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
| 11 | Microsoft Excel resource management error vulnerability | CNNVD-202303-1033 | CVE-2023-23396 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
| 12 | Microsoft Excel security vulnerability | CNNVD-202303-1038 | CVE-2023-23398 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
| 13 | Microsoft PostScript Printer Driver security vulnerability | CNNVD-202303-1011 | CVE-2023-24911 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24911 |

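| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | AMD Processors information disclosure vulnerability | CNNVD-202207-986 | CVE-2022-29900 | Medium | AMD | http://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 |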