【Vulnerability Announcement】
Microsoft has released its January security update announcement, which contains security patches for multiple products in the Microsoft family, including Microsoft Office, Microsoft Exchange Server, Windows Installer, Windows Kernel, Windows ALPC and patches for a number of other CVE vulnerabilities. Affected users are advised to install the corresponding patches promptly.
Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
According to the announcement, the following vulnerabilities fixed in this update carry a higher risk: the Windows Win32 kernel subsystem elevation of privilege vulnerability (CVE-2023-21541), the Windows GDI elevation of privilege vulnerability (CVE-2023-21552), the Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability (CVE-2023-21674), the Windows Credential Manager user interface elevation of privilege vulnerability (CVE-2023-21726) and the Windows Ancillary Function Driver for WinSock elevation of privilege vulnerability (CVE-2023-21768). Of these, CVE-2023-21674, the Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability, is being exploited in the wild; install the security update as soon as possible or apply temporary mitigations to harden affected systems.
Reference link: https://msrc.microsoft.com/update-guide/vulnerability/
【Affected Scope】
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2023-21541)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows GDI Elevation of Privilege Vulnerability (CVE-2023-21552)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Credential Manager User Interface Elevation of Privilege Vulnerability (CVE-2023-21726)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768)
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
January security bulletin list, with a quick reading guide to the other vulnerabilities it includes (not exhaustive):
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan
CVE-2023-21538|.NET Denial of Service Vulnerability
CVE-2023-21792|3D Builder Remote Code Execution Vulnerability
CVE-2023-21780|3D Builder Remote Code Execution Vulnerability
CVE-2023-21789|3D Builder Remote Code Execution Vulnerability
CVE-2023-21788|3D Builder Remote Code Execution Vulnerability
CVE-2023-21787|3D Builder Remote Code Execution Vulnerability
CVE-2023-21785|3D Builder Remote Code Execution Vulnerability
CVE-2023-21783|3D Builder Remote Code Execution Vulnerability
CVE-2023-21781|3D Builder Remote Code Execution Vulnerability
CVE-2023-21790|3D Builder Remote Code Execution Vulnerability
CVE-2023-21782|3D Builder Remote Code Execution Vulnerability
CVE-2023-21793|3D Builder Remote Code Execution Vulnerability
CVE-2023-21791|3D Builder Remote Code Execution Vulnerability
CVE-2023-21786|3D Builder Remote Code Execution Vulnerability
CVE-2023-21784|3D Builder Remote Code Execution Vulnerability
CVE-2023-21531|Azure Service Fabric Container Elevation of Privilege Vulnerability
CVE-2023-21739|Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-21763|Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-21745|Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21764|Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-21761|Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2023-21762|Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21552|Windows GDI Elevation of Privilege Vulnerability
CVE-2023-21532|Windows GDI Elevation of Privilege Vulnerability
CVE-2023-21680|Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-21728|Windows Netlogon Denial of Service Vulnerability
CVE-2023-21537|Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2023-21735|Microsoft Office Remote Code Execution Vulnerability
CVE-2023-21734|Microsoft Office Remote Code Execution Vulnerability
CVE-2023-21744|Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-21742|Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-21743|Microsoft SharePoint Server Security Feature Bypass Vulnerability
CVE-2023-21737|Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-21741|Microsoft Office Visio Information Disclosure Vulnerability
CVE-2023-21738|Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-21736|Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-21681|Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-21779|Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-21674|Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
CVE-2023-21768|Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-21539|Windows Authentication Remote Code Execution Vulnerability
CVE-2023-21752|Windows Backup Service Elevation of Privilege Vulnerability
CVE-2023-21733|Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2023-21563|BitLocker Security Feature Bypass Vulnerability
CVE-2023-21560|Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-21726|Windows Credential Manager User Interface Elevation of Privilege Vulnerability
CVE-2023-21540|Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-21550|Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-21730|Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21551|Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21559|Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-21561|Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2023-21724|Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2023-21558|Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-21536|Event Tracing for Windows Information Disclosure Vulnerability
CVE-2023-21758|Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-21683|Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-21677|Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2023-21542|Windows Installer Elevation of Privilege Vulnerability
CVE-2023-21547|Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
CVE-2023-21527|Windows iSCSI Service Denial of Service Vulnerability
CVE-2023-21755|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21753|Event Tracing for Windows Information Disclosure Vulnerability
CVE-2023-21556|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21546|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21679|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21543|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21555|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21676|Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-21557|Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2023-21524|Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2023-21771|Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
CVE-2023-21725|Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
CVE-2023-21754|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21746|Windows NTLM Elevation of Privilege Vulnerability
CVE-2023-21732|Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-21767|Windows Overlay Filter Elevation of Privilege Vulnerability
CVE-2023-21766|Windows Overlay Filter Information Disclosure Vulnerability
CVE-2023-21682|Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability
CVE-2023-21765|Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21678|Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21760|Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-21757|Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability
CVE-2023-21525|Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-21535|Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2023-21548|Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2023-21759|Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
CVE-2023-21541|Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2023-21750|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21772|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21749|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21773|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21748|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21747|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21776|Windows Kernel Information Disclosure Vulnerability
CVE-2023-21675|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21774|Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-21549|Windows SMB Witness Service Elevation of Privilege Vulnerability
【Vulnerability Description】
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674):
Details public | PoC status | Exploit status | In-the-wild exploitation |
No | Not public | Not public | Detected |
An elevation of privilege vulnerability (CVE-2023-21674) exists in Windows Advanced Local Procedure Call (ALPC). A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code to be executed on the target with SYSTEM privileges. The vulnerability could lead to a browser sandbox escape, and in-the-wild exploitation of it has already been detected.
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2023-21541):
Details public | PoC status | Exploit status | In-the-wild exploitation |
No | Not public | Not public | Not detected |
An elevation of privilege vulnerability (CVE-2023-21541) exists in the Windows Win32 kernel subsystem. A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code to be executed on the target with SYSTEM privileges.
Windows GDI Elevation of Privilege Vulnerability (CVE-2023-21552):
Details public | PoC status | Exploit status | In-the-wild exploitation |
No | Not public | Not public | Not detected |
An elevation of privilege vulnerability (CVE-2023-21552) exists in Windows GDI. A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code to be executed on the target with SYSTEM privileges.
Windows Credential Manager User Interface Elevation of Privilege Vulnerability (CVE-2023-21726):
Details public | PoC status | Exploit status | In-the-wild exploitation |
No | Not public | Not public | Not detected |
An elevation of privilege vulnerability (CVE-2023-21726) exists in the Windows Credential Manager user interface. A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code to be executed on the target with SYSTEM privileges.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768):
Details public | PoC status | Exploit status | In-the-wild exploitation |
No | Not public | Not public | Not detected |
An elevation of privilege vulnerability (CVE-2023-21768) exists in the Windows Ancillary Function Driver for WinSock. A local attacker can exploit it by running a malicious program on the target system; successful exploitation allows arbitrary code to be executed on the target with SYSTEM privileges.
【Mitigation】
High risk: although the vulnerability details have not been made public, attackers can locate the trigger point by comparing the patched and unpatched binaries and go on to develop exploit code. Microsoft has released the relevant security updates; given the severity of the vulnerabilities, affected users are advised to patch as soon as possible. DBAPPSecurity (安恒信息) will add detection and protection capabilities for the related attacks in its routine product updates.
(1) Windows Update:
Automatic update:
Microsoft Update is enabled by default; when the system detects an available update it downloads it automatically and installs it at the next startup.
Manual update:
1. Click the Start menu or press the Windows key, then open Settings.
2. Select "Update & Security" and open "Windows Update" (on Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows Update is reached through Control Panel: "Control Panel" -> "System and Security" -> "Windows Update").
3. Select "Check for updates" and wait while the system checks for and downloads the available updates.
4. Restart the computer to install the updates. After the system restarts, open "Windows Update" -> "View update history" to confirm that the updates were installed successfully.
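To verify the outcome of the update procedure above without clicking through the UI, the following PowerShell check (added here; it is not part of the advisory) reports updates installed since the January 2023 release and asks the Windows Update Agent whether any "2023-01" update is still pending. It assumes an elevated session on a host that can reach its update source, and relies on the monthly rollup titles beginning with "YYYY-MM".

```powershell
# Added check, not from the advisory: has this host taken the January 2023
# security updates? Assumes an elevated PowerShell session on a Windows host
# whose Windows Update Agent can reach Microsoft Update or WSUS.
$releaseDate = Get-Date '2023-01-10'   # January 2023 Patch Tuesday

$os = Get-CimInstance -ClassName Win32_OperatingSystem
"OS: $($os.Caption) (build $($os.BuildNumber))"

# 1. Updates recorded as installed on or after the release date.
$installed = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $releaseDate } |
    Sort-Object InstalledOn
if ($installed) {
    "Updates installed since $($releaseDate.ToShortDateString()):"
    $installed | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    "No updates installed since $($releaseDate.ToShortDateString())."
}

# 2. Applicable updates that Windows Update has not installed yet. Monthly
#    rollups are titled "YYYY-MM ...", so the January release matches "2023-01*".
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
$janPending = @($pending | Where-Object { $_.Title -like '2023-01*' })
if ($janPending.Count -gt 0) {
    "PENDING January 2023 updates (host is still exposed):"
    $janPending | ForEach-Object { "  $($_.Title)" }
} else {
    "No January 2023 update is pending; confirm the matching KB appears above."
}
```

Get-HotFix reads Win32_QuickFixEngineering, which does not record every update type, so treat the pending-update query as the authoritative result and the installed list as supporting evidence.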
(2) Microsoft has released patches for its supported products that fix the vulnerabilities above; refer to the official bulletin and download and install the updates promptly.
Patch download: https://msrc.microsoft.com/update-guide/vulnerability