澳门金沙娱乐城官网-金沙官网

今天是
今日新發布通知公告0條 | 上傳規范

2024年5月網絡安全風險提示

發布日期:2024-05-23

【漏洞信息】

  微軟公司近日發布了2024年5月份安全更新公告,包含了Windows DWM 核心庫、Windows MSHTML、Windows Common Log File System Driver和Microsoft SharePoint Server等微軟家族多個軟件的安全更新補丁。利用上述漏洞,攻擊者可進行欺騙,繞過安全功能限制,獲取敏感信息,提升權限,執行遠程代碼,或發起拒絕服務攻擊等。我中心提醒全校師生用戶盡快下載補丁更新,避免引發漏洞相關的網絡安全事件。

  根據公告,此次更新中修復的Windows DWM 核心庫特權提升漏洞(CVE-2024-30051)、Windows MSHTML平臺安全功能繞過漏洞(CVE-2024-30040)、Windows Common Log File System Driver特權提升漏洞(CVE-2024-30025)、Windows DWM 核心庫特權提升漏洞(CVE-2024-30032)、Windows DWM核心庫特權提升漏洞(CVE-2024-30035)、Windows Common Log File System Driver特權提升漏洞(CVE-2024-30037)和Microsoft SharePoint Server遠程代碼執行漏洞(CVE-2024-30044)風險較大。建議盡快安裝安全更新補丁或采取臨時緩解措施加固系統。

 

CVE編號

漏洞名稱

危害等級

漏洞處置等級

CVE-2024-30051

Windows DWM 核心庫特權提升漏洞

高危

2級

CVE-2024-30040

Windows MSHTML平臺安全功能繞過漏洞

高危

2級

CVE-2024-30025

Windows Common Log File System Driver特權提升漏洞

高危

2級

CVE-2024-30032

Windows DWM 核心庫特權提升漏洞

高危

2級

CVE-2024-30035

Windows DWM核心庫特權提升漏洞

高危

2級

CVE-2024-30037

Windows Common Log File System Driver特權提升漏洞

高危

2級

CVE-2024-30044

Microsoft SharePoint Server遠程代碼執行漏洞

高危

2級

【重點關注漏洞】

  1Windows DWM核心庫特權提升漏洞(CVE-2024-30051

漏洞類型

權限提升

CVSS3.1評分

7.8

POC情況

已發現

EXP情況

已發現

在野利用情況

已發現

研究情況

已發現

影響主體


Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)


CVSS向量


訪問途徑(AV

本地

攻擊復雜度(AC

所需權限(PR

用戶交互(UI

不需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A





  2Windows MSHTML平臺安全功能繞過漏洞(CVE-2024-30040

漏洞類型

安全特性繞過

CVSS3.1評分

8.8

POC情況

未發現

EXP情況

未發現

在野利用情況

已發現

研究情況

分析中

影響版本


Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)


CVSS向量


訪問途徑(AV

網絡

攻擊復雜度(AC

所需權限(PR

無需任何權限

用戶交互(UI

需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A





  3Windows Common Log File System Driver特權提升漏洞(CVE-2024-30025)

漏洞類型

權限提升

CVSS3.1評分

7.8

POC情況

未發現

EXP情況

未發現

在野利用情況

未發現

研究情況

分析中

影響版本


Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)


CVSS向量


訪問途徑(AV

本地

攻擊復雜度(AC

所需權限(PR

用戶交互(UI

不需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A





  4Windows DWM 核心庫特權提升漏洞(CVE-2024-30032

漏洞類型

權限提升

CVSS3.1評分

7.8

POC情況

未發現

EXP情況

未發現

在野利用情況

未發現

研究情況

分析中

影響版本


Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量


訪問途徑(AV

本地

攻擊復雜度(AC

所需權限(PR

用戶交互(UI

不需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A





  5Windows DWM 核心庫特權提升漏洞(CVE-2024-30035

漏洞類型

權限提升

CVSS3.1評分

7.8

POC情況

未發現

EXP情況

未發現

在野利用情況

未發現

研究情況

分析中

影響版本


Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量


訪問途徑(AV

本地

攻擊復雜度(AC

所需權限(PR

用戶交互(UI

不需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A





  6Windows Common Log File System Driver特權提升漏洞(CVE-2024-30037

漏洞類型

權限提升

CVSS3.1評分

7.8

POC情況

未發現

EXP情況

未發現

在野利用情況

未發現

研究情況

分析中

影響版本


Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量


訪問途徑(AV

本地

攻擊復雜度(AC

所需權限(PR

用戶交互(UI

不需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A





  7Microsoft SharePoint Server遠程代碼執行漏洞(CVE-2024-30044)

漏洞類型

遠程代碼執行

CVSS3.1評分

7.8

POC情況

未發現

EXP情況

未發現

在野利用情況

未發現

研究情況

分析中

影響版本


Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

CVSS向量


訪問途徑(AV

網絡

攻擊復雜度(AC

所需權限(PR

用戶交互(UI

不需要用戶交互

影響范圍(S

不變

機密性影響(C

完整性影響(I

可用性影響(A

【修復方案】

  官方修復方案:

  目前微軟針對支持的產品已發布升級補丁修復了上述漏洞,請用戶參考官方通告及時下載更新補丁。補丁獲取:https://msrc.microsoft.com/update-guide/vulnerability
  Windows 更新:

  自動更新:Microsoft Update默認啟用,當系統檢測到可用更新時,將會自動下載更新并在下一次啟動時安裝。

  手動更新:

  1、點擊“開始菜單”或按Windows快捷鍵,點擊進入“設置”。

  2、選擇“更新和安全”,進入“Windows更新”(Windows 8、Windows 8.1、Windows Server 2012以及Windows Server 2012 R2可通過控制面板進入“Windows更新”,具體步驟為“控制面板”->“系統和安全”->“Windows更新”)。

  3、選擇“檢查更新”,等待系統將自動檢查并下載可用更新。

  4、重啟計算機,安裝更新系統重新啟動后,可通過進入“Windows更新”->“查看更新歷史記錄”查看是否成功安裝了更新。


【參考資料】

  https://msrc.microsoft.com/update-guide/releaseNote/2024-May


網絡信息技術中心

2024年5月23日



杨筠松 24山 图| 新朝代百家乐开户网站| 百家乐官网娱乐城博彩| 刀把状的房子做生意| 大发888主页| 大发888网页出纳柜台| 中华百家乐官网娱乐城| 淘金百家乐的玩法技巧和规则| 百家乐官网庄闲几率| 苹果百家乐官网的玩法技巧和规则| 威尼斯人娱乐网上百家乐| 澳门百家乐官网牌例| 百家乐官网代理合作| 娱乐城开户送现金| 百家乐园会员注册| 东方太阳城租房| 寿宁县| 百家乐侧牌器| 利辛县| 百家乐五星宏辉怎么玩| 正定县| 现金百家乐| 百家乐官网网址皇冠现金网| 湄潭太阳城房价| 德晋百家乐官网的玩法技巧和规则| 全景网百家乐的玩法技巧和规则 | 真人百家乐皇冠网| 金都百家乐的玩法技巧和规则| 百家乐官网的注码技巧| 澳门百家乐实战视频| 百家乐园百乐彩| 百家乐官网凯时赌场娱乐网规则| 钱柜娱乐城现金网| 南京百家乐菜籽油| 葡京百家乐注码| 百家乐官网注册优惠平台| 百家乐真人游戏赌场娱乐网规则| 百家乐官网游戏规范| 宝格丽百家乐官网娱乐城| 尖扎县| 六合彩官方网|