当前位置: 首页 > 通知公告 > 正文

CNNVD关于微软多个安全漏洞的通报

日期:2023-02-09阅读:

近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞101个,影响到微软产品的其他厂商漏洞0个。包括Microsoft Windows Local Security Authority Subsystem Service 安全漏洞(CNNVD-202301-725、CVE-2023-21524)、Microsoft Windows iSCSI 安全漏洞(CNNVD-202301-810、CVE-2023-21527)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、 漏洞介绍

2023年1月10日,微软发布了2023年1月份安全更新,共101个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Authentication Methods、Microsoft Lightweight Directory Access Protocol、Microsoft Windows Management Instrumentation、Microsoft Windows Local Security Authority Subsystem Service、Microsoft OLE DB Provider for SQL Server等。CNNVD对其危害等级进行了评价,其中超危漏洞1个,高危漏洞85个,中危漏洞14个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问

https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。

二、漏洞详情

此次更新共包括98个新增漏洞的补丁程序,其中高危漏洞84个,中危漏洞13个,低危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Windows Local Security Authority Subsystem Service 安全漏洞

CNNVD-202301-725

CVE-2023-21524

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21524

2

Microsoft Windows iSCSI 安全漏洞

CNNVD-202301-810

CVE-2023-21527

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21527

3

Microsoft Azure 安全漏洞

CNNVD-202301-813

CVE-2023-21531

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21531

4

Microsoft Graphics Component 安全漏洞

CNNVD-202301-726

CVE-2023-21532

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532

5

Microsoft Windows Secure Socket Tunneling Protocol 安全漏洞

CNNVD-202301-731

CVE-2023-21535

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535

6

Microsoft Message Queuing 安全漏洞

CNNVD-202301-814

CVE-2023-21537

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21537

7

Microsoft .NET Core 安全漏洞

CNNVD-202301-730

CVE-2023-21538

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21538

8

Microsoft Windows Authentication Methods 安全漏洞

CNNVD-202301-737

CVE-2023-21539

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21539

9

Microsoft Windows Task Scheduler 安全漏洞

CNNVD-202301-741

CVE-2023-21541

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21541

10

Microsoft Windows Installer 安全漏洞

CNNVD-202301-743

CVE-2023-21542

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21542

11

Microsoft Windows 安全漏洞

CNNVD-202301-750

CVE-2023-21543

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21543

12

Microsoft Windows 安全漏洞

CNNVD-202301-733

CVE-2023-21546

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21546

13

Microsoft Windows IKE Extension 安全漏洞

CNNVD-202301-736

CVE-2023-21547

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21547

14

Microsoft Windows Secure Socket Tunneling Protocol 安全漏洞

CNNVD-202301-748

CVE-2023-21548

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21548

15

Microsoft Windows Workstation 安全漏洞

CNNVD-202301-747

CVE-2023-21549

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21549

16

Microsoft Windows Cryptographic Services 安全漏洞

CNNVD-202301-753

CVE-2023-21551

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21551

17

Microsoft Graphics Component 安全漏洞

CNNVD-202301-755

CVE-2023-21552

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21552

18

Microsoft Windows 安全漏洞

CNNVD-202301-763

CVE-2023-21555

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21555

19

Microsoft Windows 安全漏洞

CNNVD-202301-757

CVE-2023-21556

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21556

20

Microsoft Lightweight Directory Access Protocol 安全漏洞

CNNVD-202301-758

CVE-2023-21557

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21557

21

Microsoft Windows Error Reporting 安全漏洞

CNNVD-202301-762

CVE-2023-21558

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21558

22

Microsoft Cryptographic 安全漏洞

CNNVD-202301-768

CVE-2023-21561

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21561

23

Microsoft Windows ALPC 安全漏洞

CNNVD-202301-771

CVE-2023-21674

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674

24

Microsoft Windows 安全漏洞

CNNVD-202301-787

CVE-2023-21675

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21675

25

Microsoft Lightweight Directory Access Protocol 安全漏洞

CNNVD-202301-773

CVE-2023-21676

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21676

26

Microsoft Windows IKE Extension 安全漏洞

CNNVD-202301-776

CVE-2023-21677

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21677

27

Microsoft Windows Print Spooler Components 安全漏洞

CNNVD-202301-777

CVE-2023-21678

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21678

28

Microsoft Windows 安全漏洞

CNNVD-202301-780

CVE-2023-21679

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21679

29

Microsoft Graphics Component 安全漏洞

CNNVD-202301-782

CVE-2023-21680

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21680

30

Microsoft OLE DB Provider for SQL Server 安全漏洞

CNNVD-202301-784

CVE-2023-21681

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21681

31

Microsoft Windows 安全漏洞

CNNVD-202301-783

CVE-2023-21683

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21683

32

Microsoft DWM Core Library 安全漏洞

CNNVD-202301-781

CVE-2023-21724

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21724

33

Microsoft Windows Credential Manager 安全漏洞

CNNVD-202301-779

CVE-2023-21726

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21726

34

Microsoft Local Security Authority Server (lsasrv) 安全漏洞

CNNVD-202301-774

CVE-2023-21728

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21728

35

Microsoft Cryptographic 安全漏洞

CNNVD-202301-775

CVE-2023-21730

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21730

36

Microsoft ODBC Driver 安全漏洞

CNNVD-202301-770

CVE-2023-21732

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21732

37

Microsoft Windows Bind Filter Driver 安全漏洞

CNNVD-202301-769

CVE-2023-21733

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21733

38

Microsoft Office 安全漏洞

CNNVD-202301-766

CVE-2023-21734

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21734

39

Microsoft Office 安全漏洞

CNNVD-202301-764

CVE-2023-21735

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21735

40

Microsoft Office Visio 安全漏洞

CNNVD-202301-761

CVE-2023-21736

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21736

41

Microsoft Office Visio 安全漏洞

CNNVD-202301-759

CVE-2023-21737

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21737

42

Microsoft Office Visio 安全漏洞

CNNVD-202301-760

CVE-2023-21738

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21738

43

Microsoft Bluetooth Driver 安全漏洞

CNNVD-202301-756

CVE-2023-21739

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21739

44

Microsoft Office Visio 安全漏洞

CNNVD-202301-754

CVE-2023-21741

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21741

45

Microsoft SharePoint 安全漏洞

CNNVD-202301-752

CVE-2023-21742

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21742

46

Microsoft SharePoint 安全漏洞

CNNVD-202301-746

CVE-2023-21744

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21744

47

Microsoft Exchange Server 安全漏洞

CNNVD-202301-745

CVE-2023-21745

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21745

48

Microsoft Windows NTLM 安全漏洞

CNNVD-202301-744

CVE-2023-21746

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21746

49

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-742

CVE-2023-21747

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21747

50

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-739

CVE-2023-21748

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21748

51

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-738

CVE-2023-21749

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21749

52

Microsoft Windows 安全漏洞

CNNVD-202301-735

CVE-2023-21750

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21750

53

Microsoft Windows 安全漏洞

CNNVD-202301-734

CVE-2023-21752

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21752

54

Microsoft Windows Management Instrumentation 安全漏洞

CNNVD-202301-729

CVE-2023-21754

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21754

55

Microsoft Windows Kernel 安全漏洞

CNNVD-202301-728

CVE-2023-21755

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21755

56

Microsoft Windows 安全漏洞

CNNVD-202301-727

CVE-2023-21757

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21757

57

Microsoft Windows IKE Extension 安全漏洞

CNNVD-202301-724

CVE-2023-21758

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21758

58

Microsoft Windows Print Spooler Components 安全漏洞

CNNVD-202301-722

CVE-2023-21760

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21760

59

Microsoft Exchange Server 安全漏洞

CNNVD-202301-721

CVE-2023-21761

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21761

60

Microsoft Exchange Server 安全漏洞

CNNVD-202301-720

CVE-2023-21762

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21762

61

Microsoft Exchange Server 安全漏洞

CNNVD-202301-719

CVE-2023-21763

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21763

62

Microsoft Exchange Server 安全漏洞

CNNVD-202301-718

CVE-2023-21764

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21764

63

Microsoft Windows Print Spooler Components 安全漏洞

CNNVD-202301-717

CVE-2023-21765

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21765

64

Microsoft Windows Overlay Filter 安全漏洞

CNNVD-202301-715

CVE-2023-21767

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21767

65

Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞

CNNVD-202301-714

CVE-2023-21768

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21768

66

Microsoft Windows Local Session Manager (LSM) 安全漏洞

CNNVD-202301-713

CVE-2023-21771

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21771

67

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-712

CVE-2023-21772

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21772

68

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-710

CVE-2023-21773

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21773

69

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-711

CVE-2023-21774

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21774

70

Microsoft Visual Studio Code 安全漏洞

CNNVD-202301-708

CVE-2023-21779

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21779

71

Microsoft 3D Builder 安全漏洞

CNNVD-202301-707

CVE-2023-21780

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21780

72

Microsoft 3D Builder 安全漏洞

CNNVD-202301-706

CVE-2023-21781

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21781

73

Microsoft 3D Builder 安全漏洞

CNNVD-202301-705

CVE-2023-21782

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21782

74

Microsoft 3D Builder 安全漏洞

CNNVD-202301-704

CVE-2023-21783

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21783

75

Microsoft 3D Builder 安全漏洞

CNNVD-202301-703

CVE-2023-21784

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21784

76

Microsoft 3D Builder 安全漏洞

CNNVD-202301-702

CVE-2023-21785

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21785

77

Microsoft 3D Builder 安全漏洞

CNNVD-202301-701

CVE-2023-21786

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21786

78

Microsoft 3D Builder 安全漏洞

CNNVD-202301-699

CVE-2023-21787

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21787

79

Microsoft 3D Builder 安全漏洞

CNNVD-202301-700

CVE-2023-21788

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21788

80

Microsoft 3D Builder 安全漏洞

CNNVD-202301-698

CVE-2023-21789

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21789

81

Microsoft 3D Builder 安全漏洞

CNNVD-202301-697

CVE-2023-21790

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21790

82

Microsoft 3D Builder 安全漏洞

CNNVD-202301-696

CVE-2023-21791

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21791

83

Microsoft 3D Builder 安全漏洞

CNNVD-202301-695

CVE-2023-21792

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21792

84

Microsoft 3D Builder 安全漏洞

CNNVD-202301-694

CVE-2023-21793

高危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21793

85

Microsoft Windows 安全漏洞

CNNVD-202301-811

CVE-2023-21525

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21525

86

Microsoft Windows Event Tracing 安全漏洞

CNNVD-202301-812

CVE-2023-21536

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21536

87

Microsoft Windows Cryptographic Services 安全漏洞

CNNVD-202301-740

CVE-2023-21540

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21540

88

Microsoft Windows Cryptographic Services 安全漏洞

CNNVD-202301-751

CVE-2023-21550

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21550

89

Microsoft Windows Cryptographic Services 安全漏洞

CNNVD-202301-765

CVE-2023-21559

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21559

90

Microsoft Windows Boot Manager 安全漏洞

CNNVD-202301-767

CVE-2023-21560

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21560

91

Microsoft Windows BitLocker 安全漏洞

CNNVD-202301-772

CVE-2023-21563

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21563

92

Microsoft Windows Point-to-Point Tunneling Protocol 安全漏洞

CNNVD-202301-785

CVE-2023-21682

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21682

93

Microsoft Windows Malicious Software Removal Tool 安全漏洞

CNNVD-202301-778

CVE-2023-21725

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21725

94

Microsoft SharePoint 安全漏洞

CNNVD-202301-749

CVE-2023-21743

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21743

95

Microsoft Windows Kernel 安全漏洞

CNNVD-202301-732

CVE-2023-21753

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21753

96

Microsoft Windows Overlay Filter 安全漏洞

CNNVD-202301-716

CVE-2023-21766

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21766

97

Microsoft Windows Virtual Registry Provider 安全漏洞

CNNVD-202301-709

CVE-2023-21776

中危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21776

98

Microsoft Windows Smart Card 安全漏洞

CNNVD-202301-723

CVE-2023-21759

低危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21759

此次更新共包括3个更新漏洞的补丁程序,其中超危漏洞1个,高危漏洞1个,中危漏洞1个。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Microsoft Graphics Component 安全漏洞

CNNVD-202212-3050

CVE-2022-47211

超危

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47211

2

Microsoft Graphics Component 安全漏洞

CNNVD-202211-2255

CVE-2022-41113

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41113

3

Microsoft Windows BitLocker 安全漏洞

CNNVD-202211-2254

CVE-2022-41099

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099

三、修复建议

目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:

https://msrc.microsoft.com/update-guide/en-us

来源:国家信息安全漏洞库 (cnnvd.org.cn)

 

返回顶部
0513-85559500江苏省南通市通宁大道8号
苏ICP备19011223号      苏公网安备 32061102000318号        CopyRight©江苏省南通中等专业学校信息中心   版权所有