
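March 2023 Network Security Risk Advisory

Published: 2023-03-23

【Vulnerability Announcement】

Microsoft recently released its March security update bulletin, which contains security patches for multiple Microsoft products, including patches for CVE vulnerabilities in Microsoft Outlook, Windows SmartScreen, Internet Control Message Protocol, Windows HTTP.sys and others. By exploiting these vulnerabilities, an attacker can bypass security feature restrictions, obtain sensitive information, elevate privileges, execute code remotely, or launch denial-of-service attacks. Our center reminds all faculty, staff and student users across the university to download and install the patches as soon as possible to avoid network security incidents related to these vulnerabilities.

Reference link: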

https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar

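According to the bulletin, the following vulnerabilities fixed in this update carry higher risk: Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability (CVE-2023-23415), Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2023-23416), HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2023-23392), Windows Hyper-V Denial of Service Vulnerability (CVE-2023-23411), TPM2.0 Module Library Elevation of Privilege Vulnerability (CVE-2023-1017, CVE-2023-1018), Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVE-2023-23404), Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708), Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2023-24861), Windows HTTP.sys Elevation of Privilege Vulnerability (CVE-2023-23410), and Windows HTTP.sys Elevation of Privilege Vulnerability (CVE-2023-23398). Of the fixed vulnerabilities, the Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397) and the Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880) are being exploited in the wild. Install the security updates, or apply temporary mitigations to harden systems, as soon as possible.

Related link:

https://msrc.microsoft.com/update-guide/vulnerability/

【Affected Scope】

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397):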

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Outlook 2013 RT Service Pack 1

Microsoft Outlook 2013 Service Pack 1 (32-bit editions)

Microsoft Outlook 2013 Service Pack 1 (64-bit editions)

Microsoft Outlook 2016 (32-bit edition)

Microsoft Outlook 2016 (64-bit edition)

Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880):

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability (CVE-2023-23415):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2023-23416):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2023-23392):

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Hyper-V Denial of Service Vulnerability (CVE-2023-23411):

Windows 10 for x64-based Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

TPM2.0 Module Library Elevation of Privilege Vulnerability (CVE-2023-1017, CVE-2023-1018):

Windows 10 for x64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVE-2023-23404):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2023-24861):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows HTTP.sys Elevation of Privilege Vulnerability (CVE-2023-23410):

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Microsoft Excel Spoofing Vulnerability (CVE-2023-23398):

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2013 RT Service Pack 1

Microsoft Excel 2013 Service Pack 1 (32-bit editions)

Microsoft Excel 2013 Service Pack 1 (64-bit editions)

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

March security bulletin list: quick-reference guide to the other vulnerabilities included (not exhaustive):

https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar

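CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability

CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability

CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability

CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability

CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability

CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability

CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability

CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability

CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability

CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability

CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability

CVE-2023-23391 | Office for Android Spoofing Vulnerability

CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability

CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability

CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability

CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability

CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability

CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability

CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability

CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability

CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability

CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability

CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability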

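【Vulnerability Description】

Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397):

Details disclosed

PoC status

EXP status

Exploited in the wild

Public

Not public

Detected

Microsoft Outlook has an elevation-of-privilege vulnerability. An unauthenticated remote attacker can send the victim a specially crafted email that causes the victim to connect to an external UNC location controlled by the attacker. This leaks the victim's Net-NTLMv2 hash to the attacker, who can then relay it to another service and authenticate as the victim. Notably, the vulnerability is triggered automatically when the email server retrieves and processes the email (for example, before the email is viewed in the Preview Pane).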

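Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880):

Details disclosed

PoC status

EXP status

Exploited in the wild

Public

Not public

Detected

Windows SmartScreen has a security feature bypass vulnerability. An unauthenticated remote attacker can trick a victim into opening a specially crafted file and bypass the Mark of the Web (MOTW) defenses. This vulnerability has been used in attacks in the wild.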

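Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability (CVE-2023-23415):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Internet Control Message Protocol (ICMP) has a remote code execution vulnerability. An unauthenticated remote attacker can exploit it by sending specially crafted ICMP packets to the target system; successful exploitation may allow arbitrary code execution on the target system. Triggering this vulnerability has a precondition: an application bound to a raw socket must be running on the target host.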

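Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2023-23416):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Windows Cryptographic Services has a remote code execution vulnerability. Exploiting it requires a malicious certificate to be imported on the affected system. An attacker can upload a certificate to a service that processes or imports certificates, or persuade a user to import the certificate on their system. Successful exploitation allows arbitrary code execution on the target system with that user's privileges.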

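HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2023-23392):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

The HTTP protocol stack has a remote code execution vulnerability. An unauthenticated remote attacker can send specially crafted packets to the target server; successful exploitation allows arbitrary code execution on the target server. A server is vulnerable only if a binding has HTTP/3 enabled and the server uses buffered I/O.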

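Windows Hyper-V Denial of Service Vulnerability (CVE-2023-23411):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Windows Hyper-V has a denial-of-service vulnerability that an authenticated attacker can exploit to cause a denial of service on the Hyper-V host.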

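TPM2.0 Module Library Elevation of Privilege Vulnerability (CVE-2023-1017, CVE-2023-1018):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

TPM2.0 Module Library has out-of-bounds write vulnerabilities (CVE-2023-1017, CVE-2023-1018). An authenticated attacker can write two bytes out of bounds in a buffer, which can lead to denial of service or arbitrary code execution in the TPM context. An authenticated attacker in a guest VM can exploit this by sending specially crafted TPM commands to Hyper-V; successful exploitation may yield elevated privileges.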

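Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability (CVE-2023-23404):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Windows Point-to-Point Tunneling Protocol has a remote code execution vulnerability. An unauthenticated remote attacker can send a specially crafted connection request to a target RAS server; successful exploitation allows arbitrary code execution on the target system.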

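Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Remote Procedure Call Runtime has a remote code execution vulnerability. An unauthenticated attacker can send a specially crafted RPC call to a target RPC host. Successful exploitation allows remote code execution on the server side with the same privileges as the RPC service. Blocking TCP port 135 at the enterprise perimeter firewall can reduce the likelihood of some potential attacks against this vulnerability.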
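An added example, not part of the original advisory: a flow-log audit for the two perimeter crossings described above, an internal host opening SMB to an external UNC host (CVE-2023-23397) and an outside host reaching TCP 135 (CVE-2023-21708). The log format, the internal address ranges and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample records, not real traffic.
# Assumed format: timestamp src_ip dst_ip proto dst_port action
SAMPLE_FLOWS = """\
2023-03-20T08:01:12Z 10.20.3.15 198.51.100.7 tcp 445 allow
2023-03-20T08:01:30Z 10.20.3.15 10.20.0.5 tcp 445 allow
2023-03-20T08:02:02Z 203.0.113.44 10.20.0.9 tcp 135 allow
2023-03-20T08:02:40Z 203.0.113.44 10.20.0.9 tcp 135 deny
2023-03-20T08:03:05Z 10.20.7.22 192.0.2.80 tcp 443 allow
truncated record
"""

# Assumption: the site numbers its hosts from RFC 1918 space. An explicit list
# is used because ipaddress.is_private also matches documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Finding:
    rule: str      # "outbound-smb" or "inbound-rpc"
    src: str
    dst: str
    port: int
    action: str    # what the firewall did: "allow" or "deny"


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)


def audit_flows(text: str) -> list[Finding]:
    """Flag the two perimeter crossings the advisory describes."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed or truncated records
        _ts, src, dst, proto, dport, action = parts
        try:
            src_in, dst_in, port = is_internal(src), is_internal(dst), int(dport)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp":
            continue
        if src_in and not dst_in and port == 445:
            # Internal host opening SMB to an outside host: the path by which
            # a UNC connection exposes Net-NTLMv2 (CVE-2023-23397).
            findings.append(Finding("outbound-smb", src, dst, port, action))
        elif not src_in and dst_in and port == 135:
            # Outside host reaching the RPC endpoint mapper (CVE-2023-21708).
            findings.append(Finding("inbound-rpc", src, dst, port, action))
    return findings


def still_allowed(findings: list[Finding]) -> list[Finding]:
    """Findings the firewall let through; these need a block rule."""
    return [f for f in findings if f.action == "allow"]


if __name__ == "__main__":
    for f in still_allowed(audit_flows(SAMPLE_FLOWS)):
        print(f"{f.rule}: {f.src} -> {f.dst}:{f.port} was allowed")
```

The outbound rule covers SMB over TCP 445 only; denied records are still reported by `audit_flows` so that attempts remain visible after the block rule is in place.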

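Windows Graphics Component Elevation of Privilege Vulnerability (CVE-2023-24861):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Windows Graphics Component has an elevation-of-privilege vulnerability. An authenticated attacker can exploit it by running a specially crafted program on the target system; successful exploitation can elevate privileges to SYSTEM.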

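Windows HTTP.sys Elevation of Privilege Vulnerability (CVE-2023-23410):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Windows HTTP.sys has an elevation-of-privilege vulnerability that an authenticated attacker can exploit to elevate privileges to SYSTEM.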

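Microsoft Excel Spoofing Vulnerability (CVE-2023-23398):

Details disclosed

PoC status

EXP status

Exploited in the wild

Not public

Not public

Not detected

Microsoft Excel has a spoofing vulnerability. An unauthenticated attacker can induce a user to open a specially crafted file and then click "Enable Content" at the security warning prompt. An attacker who successfully exploits this vulnerability can trick the user into enabling content that they cannot inspect.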

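【Mitigation】

High risk: Although the vulnerability details have not yet been made public, a malicious attacker can use patch diffing to locate the trigger point and go on to develop exploit code. Microsoft has released the relevant security updates; given the severity of the vulnerabilities, affected users are advised to patch as soon as possible. Anheng Information (安恒信息) will add the relevant attack detection and protection capabilities in routine product updates.

(1) Windows Update:

Automatic update:

Microsoft Update is enabled by default. When the system detects available updates, it downloads them automatically and installs them at the next startup.

Manual update:

1. Click the Start menu or press the Windows key, then open "Settings".

2. Select "Update & Security" and open "Windows Update" (on Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, "Windows Update" is reached through Control Panel: "Control Panel" -> "System and Security" -> "Windows Update").

3. Select "Check for updates" and wait for the system to check for and download available updates automatically.

4. Restart the computer to install the updates. After the system restarts, go to "Windows Update" -> "View update history" to check whether the updates were installed successfully.

(2) Microsoft has released patches for its supported products that fix the vulnerabilities above. Users should refer to the official advisory and download the update patches promptly.

Patch download: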

https://msrc.microsoft.com/update-guide/vulnerability


