【漏洞公告】
微软官方发布了4月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:.NETCore、Microsoft Office、Microsoft Bluetooth Driver、Microsoft Defender for Endpoint、Microsoft Printer Drivers、SQL Server、Visual Studio、Windows Kernel、Windows RDP Client、Windows Win32K 等多个CVE安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。
参考链接:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr
根据公告,此次更新中修复的WindowsWin32k特权提升漏洞(CVE-2023-28274)、Microsoft消息队列远程代码执行漏洞(CVE-2023-21554)、Windows图形组件特权提升漏洞(CVE-2023-24912)、Windows辅助功能驱动WinSock提升特权漏洞(CVE-2023-28218)、隧道协议远程代码执行漏洞(CVE-2023-28219、CVE-2023-28220)、Windows蓝牙驱动程序远程代码执行漏洞(CVE-2023-28227)、DHCP服务器服务远程代码执行漏洞(CVE-2023-28231)、Windows通用日志文件系统驱动程序信息泄露漏洞(CVE-2023-28266)、Windows通用日志文件系统驱动程序特权提升漏洞(CVE-2023-28252)风险较大。其中Windows通用日志文件系统驱动程序特权提升漏洞(CVE-2023-28252)存在在野利用,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。
相关链接参考:
https://msrc.microsoft.com/update-guide/vulnerability/
【影响范围】
Windows Win32k特权提升漏洞(CVE-2023-28274):
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Microsoft消息队列远程代码执行漏洞(CVE-2023-21554):
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows图形组件特权提升漏洞(CVE-2023-24912):
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Coreinstallation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Coreinstallation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows辅助功能驱动程序WinSock特权提升漏洞(CVE-2023-28218):
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
二层隧道协议远程代码执行漏洞(CVE-2023-28219、CVE-2023-28220):
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows蓝牙驱动程序远程代码执行漏洞(CVE-2023-28227):
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
DHCP服务器服务远程代码执行漏洞(CVE-2023-28231):
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows通用日志文件系统驱动程序信息泄露漏洞(CVE-2023-28266):
Windows Server 2019 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2022
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows通用日志文件系统驱动程序特权提升漏洞(CVE-2023-28252):
Windows 11 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2012 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
4月安全公告列表,包含的其他漏洞快速阅读指引(非全部):
https://msrc.microsoft.com/update-guide/releaseNote/2023- Apr
CVE-2023-21554 | Microsoft Message Queuing 远程代码执行漏洞
CVE-2023-21727 | 远程过程调用运行时远程代码执行漏洞
CVE-2023-21729 | 远程过程调用运行时信息泄露漏洞
CVE-2023-21769 | Microsoft Message Queuing 拒绝服务漏洞
CVE-2023-23375 | Microsoft SQL Server 远程代码执行漏洞
CVE-2023-23384 | Microsoft SQL Server 远程代码执行漏洞
CVE-2023-24860 | Microsoft Defender 拒绝服务漏洞
CVE-2023-24883 | Microsoft PostScript 和 PCL6 类打印机驱动程序信息泄露漏洞
CVE-2023-24884 | Microsoft PostScript 和 PCL6 类打印机驱动程序远程代码执行漏洞
CVE-2023-24885 | Microsoft PostScript 和 PCL6 类打印机驱动程序远程代码执行漏洞
CVE-2023-24886 | Microsoft PostScript 和 PCL6 类打印机驱动程序远程代码执行漏洞
CVE-2023-24887 | Microsoft PostScript 和 PCL6 类打印机驱动程序远程代码执行漏洞
CVE-2023-24893 | Visual Studio Code 远程代码执行漏洞
CVE-2023-24912 | Windows 图形组件提权漏洞
CVE-2023-24914 | Win32k 提权漏洞
CVE-2023-24924 | Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24925 | Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24926 | Microsoft PostScript 和 PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24927 | Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24928 | Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24929 | Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24931 | Windows 安全通道拒绝服务漏洞
CVE-2023-28216 | Windows 高级本地过程调用 (ALPC) 提权漏洞
CVE-2023-28217 | Windows 网络地址转换 (NAT) 拒绝服务漏洞
CVE-2023-28218 | Windows WinSock 辅助函数驱动程序提权漏洞
CVE-2023-28219 | 二层隧道协议远程代码执行漏洞
CVE-2023-28220 | 二层隧道协议远程代码执行漏洞
CVE-2023-28221 | Windows 错误报告服务提权漏洞
CVE-2023-28222 | Windows 内核提权漏洞
CVE-2023-28223 | Windows 域名服务远程代码执行漏洞
CVE-2023-28224 | Windows 以太网点对点协议 (PPPoE) 远程代码执行漏洞
CVE-2023-28225 | Windows NTLM 提权漏洞
CVE-2023-28226 | Windows 注册证书引擎安全特性绕过漏洞
CVE-2023-28227 | Windows 蓝牙驱动程序远程代码执行漏洞
CVE-2023-28228 | Windows 欺骗漏洞
CVE-2023-28229 | Windows CNG 密钥隔离服务提权漏洞
CVE-2023-28231 | DHCP 服务器服务远程代码执行漏洞
CVE-2023-28232 | Windows 点对点隧道协议远程代码执行漏洞
CVE-2023-28233 | Windows 安全通道拒绝服务漏洞
CVE-2023-28234 | Windows 安全通道拒绝服务漏洞
CVE-2023-28235 | Windows 锁屏安全功能绕过漏洞
CVE-2023-28236 | Windows 内核提权漏洞
CVE-2023-28237 | Windows 内核远程代码执行漏洞
CVE-2023-28238 | Windows Internet Key Exchange(IKE)协议扩展远程代码执行漏洞
CVE-2023-28240 | Windows 网络负载均衡远程代码执行漏洞
CVE-2023-28241 | Windows 安全套接字隧道协议(SSTP)拒绝服务漏洞
CVE-2023-28243 | Microsoft PostScript 和 PCL6 类打印机驱动程序远程代码执行漏洞
CVE-2023-28244 | Windows Kerberos 提权漏洞
CVE-2023-28246 | Windows 注册表提权漏洞
CVE-2023-28247 | Windows 网络文件系统信息泄露漏洞
CVE-2023-28248 | Windows 内核提权漏洞
CVE-2023-28249 | Windows 引导管理器安全功能绕过漏洞
CVE-2023-28250 | Windows Pragmatic General Multicast(PGM)远程代码执行漏洞
CVE-2023-28252 | Windows 通用日志文件系统驱动程序提权漏洞
CVE-2023-28253 | Windows 内核信息泄露漏洞
CVE-2023-28254 | Windows DNS 服务器远程代码执行漏洞
CVE-2023-28255 | Windows DNS 服务器远程代码执行漏洞
CVE-2023-28256 | Windows DNS 服务器远程代码执行漏洞
CVE-2023-28260 | .NET DLL 劫持远程代码执行漏洞
CVE-2023-28262 | Visual Studio 提权漏洞
CVE-2023-28263 | Visual Studio 信息泄露漏洞
CVE-2023-28266 | Windows 通用日志文件系统驱动程序信息泄露漏洞
CVE-2023-28267 | 远程桌面协议客户端信息泄露漏洞
CVE-2023-28268 | Netlogon RPC 提权漏洞
CVE-2023-28269 | Windows 引导管理器安全功能绕过漏洞
CVE-2023-28270 | Windows 锁屏安全功能绕过漏洞
CVE-2023-28271 | Windows 内核内存信息泄露漏洞
CVE-2023-28272 | Windows 内核提权漏洞
CVE-2023-28273 | Windows 剪贴板服务提权漏洞
CVE-2023-28274 | Windows Win32k 提权漏洞
CVE-2023-28275 | Microsoft WDAC OLE DB Provider for SQL Server 远程代码执行漏洞
CVE-2023-28276 | Windows 组策略安全功能绕过漏洞
CVE-2023-28277 | Windows DNS 服务器信息泄露漏洞
CVE-2023-28278 | Windows DNS 服务器远程代码执行漏洞
CVE-2023-28285 | Microsoft Office 图形远程代码执行漏洞
CVE-2023-28287 | Microsoft Publisher 远程代码执行漏洞
CVE-2023-28288 | Microsoft SharePoint Server 欺骗漏洞
CVE-2023-28291 | Raw Image Extension 远程代码执行漏洞
CVE-2023-28292 | Raw Image Extension 远程代码执行漏洞
CVE-2023-28293 | Windows Kernel 提权漏洞
CVE-2023-28295 | Microsoft Publisher 远程代码执行漏洞
CVE-2023-28296 | Visual Studio 远程代码执行漏洞
CVE-2023-28297 | Windows 远程过程调用服务 (RPCSS) 提权漏洞
CVE-2023-28298 | Windows Kernel 拒绝服务漏洞
CVE-2023-28299 | Visual Studio 欺骗漏洞
CVE-2023-28300 | Azure Service Connector 安全功能绕过漏洞
CVE-2023-28302 | Microsoft Message Queuing 拒绝服务漏洞
CVE-2023-28304 | Microsoft SQL Server 远程代码执行漏洞
CVE-2023-28305 | Windows DNS Server 远程代码执行漏洞
CVE-2023-28306 | Windows DNS Server 远程代码执行漏洞
CVE-2023-28307 | Windows DNS Server 远程代码执行漏洞
CVE-2023-28308 | Windows DNS Server 远程代码执行漏洞
CVE-2023-28309 | Microsoft Dynamics 365 (本地部署) 跨站脚本漏洞
CVE-2023-28311 | Microsoft Word 远程代码执行漏洞
CVE-2023-28312 | Azure Machine Learning 信息泄露漏洞
CVE-2023-28313 | Microsoft Dynamics 365 Customer Voice 跨站脚本漏洞
CVE-2023-28314 | Microsoft Dynamics 365 (本地部署)
【漏洞描述】
Windows通用日志文件系统驱动程序特权提升漏洞(CVE-2023-28252):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 已发现 |
Windows通用日志文件系统驱动程序存在权限提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
Windows Win32k特权提升漏洞(CVE-2023-28274):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows Win32k存在权限提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
Microsoft消息队列远程代码执行漏洞(CVE-2023-21554):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft消息队列远程代码执行漏洞,未经身份验证的远程攻击者需要将特制的恶意MSMQ数据包发送到MSMQ服务器。这可能会导致在服务器端执行远程代码。
Windows图形组件特权提升漏洞(CVE-2023-24912):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows图形组件存在权限提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
Windows辅助功能驱动WinSock提升特权漏洞(CVE-2023-28218):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows辅助功能驱动WinSock存在权限提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
二层隧道协议远程代码执行漏洞(CVE-2023-28219、CVE-2023-28220):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
隧道协议存在远程代码执行漏洞,未经身份验证的攻击者可以向 RAS 服务器发送特制连接请求,这可能导致RAS服务器计算机上的远程代码执行(RCE)。
Windows蓝牙驱动程序远程代码执行漏洞(CVE-2023-28227):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows蓝牙驱动程序远程代码执行漏洞,攻击者需要靠近目标系统才能发送和接收无线电传输。
DHCP服务器服务远程代码执行漏洞(CVE-2023-28231):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
攻击者在受限网络的访问权限下,可成功利用此漏洞,这可能会导致在服务器端执行远程代码。
Windows通用日志文件系统驱动程序信息泄露漏洞(CVE-2023-28266):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows通用日志文件系统驱动程序信息泄露漏洞,成功利用此漏洞的攻击者可能会读取一小部分堆内存。
【缓解措施】
高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。安恒信息将在产品的例行更新中加入相关攻击检测和防护能力。
处置措施:
(一)Windows更新:
自动更新:
Microsoft Update默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。
手动更新:
1、点击“开始菜单”或按Windows快捷键,点击进入“设置”。
2、选择“更新和安全”,进入“Windows更新”(Windows 8、Windows 8.1、Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入“Windows更新”,具体步骤为“控制面板”->“系统和安全”->“Windows 更新”)
3、选择“检查更新”,等待系统将自动检查并下载可用更新。
4、重启计算机,安装更新系统重新启动后,可通过进入“Windows 更新”->“查看更新历史记录”查看是否成功安装了更新。
(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。
补丁获取:https://msrc.microsoft.com/update-guide/vulnerability
