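Recently, Microsoft released advisories for multiple security vulnerabilities, comprising 77 vulnerabilities in Microsoft's own products and 8 vulnerabilities from other vendors that affect Microsoft products. They include the Microsoft SharePoint security vulnerability (CNNVD-202306-940, CVE-2023-29357), the Microsoft Windows PGM security vulnerability (CNNVD-202306-959, CVE-2023-29363), and others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Overview
On June 13, 2023, Microsoft released its June 2023 security update, with patches for 85 vulnerabilities in total, all of which CNNVD has catalogued. This update mainly covers Microsoft Windows and Windows components, Microsoft Visual Studio and Microsoft .NET, Microsoft Visual Studio and Microsoft, Microsoft Windows iSCSI, Microsoft Windows Hyper-V, Microsoft Windows Bus Filter Driver, and others. CNNVD rated their severity: 4 critical, 54 high, 24 medium, and 3 low. Multiple versions of Microsoft products and systems are affected; the specific scope can be looked up on Microsoft's official website: https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Vulnerability Details
This update includes patches for 70 newly added vulnerabilities: 4 critical, 43 high, 21 medium, and 2 low.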

| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft SharePoint Security Vulnerability | CNNVD-202306-940 | CVE-2023-29357 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 |
| 2 | Microsoft Windows PGM Security Vulnerability | CNNVD-202306-959 | CVE-2023-29363 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29363 |
| 3 | Microsoft Windows PGM Security Vulnerability | CNNVD-202306-993 | CVE-2023-32014 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014 |
| 4 | Microsoft Windows PGM Security Vulnerability | CNNVD-202306-995 | CVE-2023-32015 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32015 |
| 5 | Microsoft Azure DevOps Server Security Vulnerability | CNNVD-202306-921 | CVE-2023-21565 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565 |
| 6 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202306-924 | CVE-2023-24895 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895 |
| 7 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202306-908 | CVE-2023-24897 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897 |
| 8 | Multiple Microsoft Products Security Vulnerability | CNNVD-202306-853 | CVE-2023-24936 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 |
| 9 | Microsoft Exchange Server Security Vulnerability | CNNVD-202306-904 | CVE-2023-28310 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310 |
| 10 | Microsoft .NET Framework Security Vulnerability | CNNVD-202306-918 | CVE-2023-29326 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326 |
| 11 | Microsoft .NET Core Security Vulnerability | CNNVD-202306-854 | CVE-2023-29331 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331 |
| 12 | Microsoft Windows NTFS Security Vulnerability | CNNVD-202306-938 | CVE-2023-29346 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29346 |
| 13 | Microsoft Windows Group Policy Security Vulnerability | CNNVD-202306-942 | CVE-2023-29351 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29351 |
| 14 | Microsoft Windows GDI+ Security Vulnerability | CNNVD-202306-947 | CVE-2023-29358 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29358 |
| 15 | Microsoft Windows GDI+ Security Vulnerability | CNNVD-202306-949 | CVE-2023-29359 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359 |
| 16 | Microsoft Windows TPM Device Driver Security Vulnerability | CNNVD-202306-954 | CVE-2023-29360 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 |
| 17 | Microsoft Windows Cloud Files Mini Filter Driver Security Vulnerability | CNNVD-202306-953 | CVE-2023-29361 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29361 |
| 18 | Microsoft Remote Desktop Client Security Vulnerability | CNNVD-202306-952 | CVE-2023-29362 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29362 |
| 19 | Microsoft Windows Authentication Security Vulnerability | CNNVD-202306-958 | CVE-2023-29364 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29364 |
| 20 | Microsoft Windows Media Foundation Security Vulnerability | CNNVD-202306-961 | CVE-2023-29365 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29365 |
| 21 | Microsoft Windows Geolocation Service Security Vulnerability | CNNVD-202306-963 | CVE-2023-29366 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29366 |
| 22 | Microsoft iSCSI Target WMI Provider Security Vulnerability | CNNVD-202306-965 | CVE-2023-29367 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29367 |
| 23 | Microsoft Windows Filtering Security Vulnerability | CNNVD-202306-967 | CVE-2023-29368 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29368 |
| 24 | Microsoft Windows Media Foundation Security Vulnerability | CNNVD-202306-972 | CVE-2023-29370 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29370 |
| 25 | Microsoft Windows GDI+ Security Vulnerability | CNNVD-202306-976 | CVE-2023-29371 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29371 |
| 26 | Microsoft OLE DB Provider for SQL Server Security Vulnerability | CNNVD-202306-978 | CVE-2023-29372 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29372 |
| 27 | Microsoft ODBC Driver Security Vulnerability | CNNVD-202306-975 | CVE-2023-29373 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29373 |
| 28 | Microsoft Windows Resilient File System (ReFS) Security Vulnerability | CNNVD-202306-932 | CVE-2023-32008 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32008 |
| 29 | Microsoft Windows Collaborative Translation Framework Security Vulnerability | CNNVD-202306-930 | CVE-2023-32009 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32009 |
| 30 | Microsoft Windows Bus Filter Driver Security Vulnerability | CNNVD-202306-971 | CVE-2023-32010 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32010 |
| 31 | Microsoft Windows iSCSI Security Vulnerability | CNNVD-202306-986 | CVE-2023-32011 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32011 |
| 32 | Microsoft PostScript Printer Driver Security Vulnerability | CNNVD-202306-1000 | CVE-2023-32017 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32017 |
| 33 | Microsoft Windows Hello Security Vulnerability | CNNVD-202306-1002 | CVE-2023-32018 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32018 |
| 34 | Microsoft Windows SMB Server Security Vulnerability | CNNVD-202306-1016 | CVE-2023-32021 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32021 |
| 35 | Microsoft Windows Server Security Vulnerability | CNNVD-202306-1019 | CVE-2023-32022 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32022 |
| 36 | Microsoft Excel Security Vulnerability | CNNVD-202306-913 | CVE-2023-32029 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32029 |
| 37 | Microsoft .NET Security Vulnerability | CNNVD-202306-1023 | CVE-2023-32030 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030 |
| 38 | Microsoft Exchange Server Security Vulnerability | CNNVD-202306-915 | CVE-2023-32031 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031 |
| 39 | Microsoft .NET Security Vulnerability | CNNVD-202306-1024 | CVE-2023-33126 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126 |
| 40 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202306-861 | CVE-2023-33128 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128 |
| 41 | Microsoft SharePoint Security Vulnerability | CNNVD-202306-1027 | CVE-2023-33130 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 |
| 42 | Microsoft Outlook Security Vulnerability | CNNVD-202306-1038 | CVE-2023-33131 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33131 |
| 43 | Microsoft Excel Buffer Error Vulnerability | CNNVD-202306-1031 | CVE-2023-33133 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33133 |
| 44 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202306-980 | CVE-2023-33135 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135 |
| 45 | Microsoft Excel Security Vulnerability | CNNVD-202306-916 | CVE-2023-33137 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33137 |
| 46 | Microsoft Office Security Vulnerability | CNNVD-202306-920 | CVE-2023-33146 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33146 |
| 47 | Microsoft ASP.NET Core Security Vulnerability | CNNVD-202306-1008 | CVE-2023-33141 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141 |
| 48 | Microsoft Azure DevOps Server Security Vulnerability | CNNVD-202306-922 | CVE-2023-21569 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569 |
| 49 | Microsoft Windows CryptoAPI Security Vulnerability | CNNVD-202306-910 | CVE-2023-24938 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24938 |
| 50 | Windows Remote Desktop Security Security Vulnerability | CNNVD-202306-939 | CVE-2023-29352 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352 |
| 51 | Microsoft SysInternals Security Vulnerability | CNNVD-202306-912 | CVE-2023-29353 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353 |
| 52 | Microsoft Windows DHCP Server Security Vulnerability | CNNVD-202306-944 | CVE-2023-29355 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355 |
| 53 | Microsoft Windows Remote Procedure Call Runtime Security Vulnerability | CNNVD-202306-970 | CVE-2023-29369 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29369 |
| 54 | Microsoft Windows Container Manager Service Security Vulnerability | CNNVD-202306-988 | CVE-2023-32012 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32012 |
| 55 | Microsoft Windows Hyper-V Security Vulnerability | CNNVD-202306-991 | CVE-2023-32013 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32013 |
| 56 | Microsoft Windows Installer Security Vulnerability | CNNVD-202306-996 | CVE-2023-32016 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016 |
| 57 | Microsoft Windows Kernel Security Vulnerability | CNNVD-202306-1010 | CVE-2023-32019 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019 |
| 58 | Microsoft SharePoint Security Vulnerability | CNNVD-202306-1029 | CVE-2023-33129 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 |
| 59 | Microsoft SharePoint Security Vulnerability | CNNVD-202306-985 | CVE-2023-33132 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 |
| 60 | Microsoft Visual Studio Security Vulnerability | CNNVD-202306-919 | CVE-2023-33139 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 |
| 61 | Microsoft Office OneNote Security Vulnerability | CNNVD-202306-990 | CVE-2023-33140 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140 |
| 62 | Microsoft SharePoint Security Vulnerability | CNNVD-202306-998 | CVE-2023-33142 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142 |
| 63 | Microsoft Visual Studio Code Security Vulnerability | CNNVD-202306-1012 | CVE-2023-33144 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144 |
| 64 | Microsoft Edge Security Vulnerability | CNNVD-202306-1015 | CVE-2023-33145 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33145 |
| 65 | Microsoft Dynamics Security Vulnerability | CNNVD-202306-905 | CVE-2023-24896 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24896 |
| 66 | Microsoft Windows CryptoAPI Security Vulnerability | CNNVD-202306-907 | CVE-2023-24937 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24937 |
| 67 | Microsoft NuGet Client Security Vulnerability | CNNVD-202306-856 | CVE-2023-29337 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337 |
| 68 | Microsoft .NET Framework and Microsoft Visual Studio Security Vulnerability | CNNVD-202306-858 | CVE-2023-32032 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032 |
| 69 | Microsoft Windows DNS Security Vulnerability | CNNVD-202306-1013 | CVE-2023-32020 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32020 |
| 70 | Microsoft Power Apps Security Vulnerability | CNNVD-202306-914 | CVE-2023-32024 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32024 |

This update includes patches for 7 updated vulnerabilities: 4 high and 3 medium.

| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Windows Print Spooler Components Security Vulnerability | CNNVD-202107-137 | CVE-2021-34527 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 |
| 2 | Microsoft Windows Kerberos Security Vulnerability | CNNVD-202211-2288 | CVE-2022-37967 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
| 3 | Microsoft Windows Netlogon Security Vulnerability | CNNVD-202211-2274 | CVE-2022-38023 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023 |
| 4 | Microsoft Excel Security Vulnerability | CNNVD-202303-1038 | CVE-2023-23398 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398 |
| 5 | Microsoft Service Fabric Security Vulnerability | CNNVD-202303-1016 | CVE-2023-23383 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383 |
| 6 | Microsoft Excel Resource Management Error Vulnerability | CNNVD-202303-1033 | CVE-2023-23396 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23396 |
| 7 | Microsoft Defender SmartScreen Security Vulnerability | CNNVD-202303-1034 | CVE-2023-24880 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880 |

This update includes patches for 8 vulnerabilities from other vendors that affect Microsoft products: 7 high and 1 low.

| No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Vendor | Official Link |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Git Path Traversal Vulnerability | CNNVD-202304-2045 | CVE-2023-25652 | High | GitHub | https://github.com/git/git/security/advisories/GHSA-2hvf-7c8p-28fx |
| 2 | Autodesk FBX-SDK Buffer Error Vulnerability | CNNVD-202304-1342 | CVE-2023-27909 | High | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
| 3 | Autodesk FBX-SDK Buffer Error Vulnerability | CNNVD-202304-1343 | CVE-2023-27910 | High | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
| 4 | Autodesk FBX-SDK Buffer Error Vulnerability | CNNVD-202304-1347 | CVE-2023-27911 | High | Autodesk | https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
| 5 | Git Injection Vulnerability | CNNVD-202304-2063 | CVE-2023-29007 | High | GitHub | https://github.com/git/git/security/advisories/GHSA-v48j-4xgg-4844 |
| 6 | Git for Windows Code Issue Vulnerability | CNNVD-202304-2061 | CVE-2023-29011 | High | GitHub | https://github.com/git-for-windows/git/security/advisories/GHSA-g4fv-xjqw-q7jm |
| 7 | Git for Windows Code Issue Vulnerability | CNNVD-202304-2059 | CVE-2023-29012 | High | GitHub | https://github.com/git-for-windows/git/security/advisories/GHSA-gq5x-v87v-8f7g |
| 8 | Git for Windows Format String Error Vulnerability | CNNVD-202304-2046 | CVE-2023-25815 | Low | GitHub | https://github.com/git-for-windows/git/security/advisories/GHSA-9w66-8mq8-5vm8 |

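III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Official Microsoft patch download address:
https://msrc.microsoft.com/update-guide/en-us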