【漏洞公告】
微软官方发布了 2 月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft Office、Windows Graphics Component、Microsoft Exchange Server、NT OS Kernel 等多个 CVE 安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。
参考链接:https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
根据公告,此次更新中修复的 Microsoft Office 安全功能绕过漏洞( CVE-2023-21715 )、Windows Graphics Component 权限提升漏洞(CVE-2023-21823)、Windows Common Log File System Driver 权限提升漏洞(CVE-2023-23376、CVE-2023-21812)、Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21529、CVE-2023-21706)、NT OS Kernel 权限提升漏洞 ( CVE[1]2023-21688 )、Microsoft Protected Extensible Authentication Protocol (PEAP) 远程代码执行漏洞( CVE-2023-21689 、 CVE-2023-21690、CVE-2023-21692)、Windows Secure Channel 拒绝服务漏洞 ( CVE-2023-21818 、 CVE-2023-21819 ) 风险较大。其中 CVE-2023-21715 Microsoft Office 安全功能绕过漏 洞、CVE-2023-21823 Windows Graphics Component 权限提升漏洞、CVE-2023-23376 Windows Common Log File System Driver 权限提升漏洞存在在野利用,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。
相关链接参考:https://msrc.microsoft.com/update-guide/vulnerability/
【影响范围】
Microsoft Office 安全功能绕过漏洞(CVE-2023-21715)
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Windows Graphics Component 权限提升漏洞(CVE-2023-21823)
Microsoft Office for Android
Microsoft Office for Universal
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Common Log File System Driver 权限提升漏洞(CVE-2023-23376、CVE-2023-21812)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21529)
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
NT OS Kernel 权限提升漏洞(CVE-2023-21688)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21689、CVE-2023-21690)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21692)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21706)
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
Windows Secure Channel 拒绝服务漏洞(CVE-2023-21818)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Coreinstallation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (ServerCore installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Secure Channel 拒绝服务漏洞(CVE-2023-21819)
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
2月安全公告列表,包含的其他漏洞快速阅读指引(非全部):
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
CVE-2023-21808 | .NET 和 Visual Studio 远程代码执行漏洞
CVE-2023-21722 | .NET 拒绝服务漏洞
CVE-2023-23378 | 打印 3D 远程代码执行漏洞
CVE-2023-23390 | 3D 生成器远程代码执行漏洞
CVE-2023-23377 | 3D 生成器远程代码执行漏洞
CVE-2023-21777 | Azure Stack Hub 上的 Azure App Service 特权提升漏洞
CVE-2023-21703 | Azure Data Box 网关远程代码执行漏洞
CVE-2023-21553 | Azure DevOps 服务器远程代码执行漏洞
CVE-2023-21564 | Azure DevOps 服务器跨站点脚本漏洞
CVE-2023-23382 | Azure 机器学习计算实例信息泄露漏洞
CVE-2019-15126 | MITRE:CVE-2019-15126 特定定时和手工制作的流量可能会导致 WLAN设备中的内部错误(与状态转换相关)
CVE-2023-21697 | Windows Internet 存储名称服务 (iSNS) 服务器信息泄露漏洞
CVE-2023-21699 | Windows Internet 存储名称服务 (iSNS) 服务器信息泄露漏洞
CVE-2023-23379 | Microsoft Defender for IoT 特权提升漏洞
CVE-2023-21778 | Microsoft 动态统一服务台远程代码执行漏洞
CVE-2023-21570 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞
CVE-2023-21571 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞
CVE-2023-21572 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞
CVE-2023-21573 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞
CVE-2023-21807 | Microsoft Dynamics 365 (本地) 跨站点脚本漏洞
CVE-2023-21720 | Microsoft 边缘(基于铬)篡改漏洞
CVE-2023-21794 | Microsoft 边缘(基于铬)欺骗漏洞
CVE-2023-23374 | Microsoft Edge(基于 Chromium)远程代码执行漏洞
CVE-2023-21707 | Microsoft Exchange Server 远程代码执行漏洞
CVE-2023-21529 | Microsoft Exchange Server 远程代码执行漏洞
CVE-2023-21706 | Microsoft Exchange Server 远程代码执行漏洞
CVE-2023-21710 | Microsoft Exchange Server 远程代码执行漏洞
CVE-2023-21804 | Windows 图形组件特权提升漏洞
CVE-2023-21823 | Windows 图形组件特权提升漏洞
CVE-2023-21809 | Microsoft Defender for Endpoint Security 功能绕过漏洞
CVE-2023-21714 | Microsoft 办公信息泄露漏洞
CVE-2023-21721 | Microsoft OneNote 欺骗漏洞
CVE-2023-21715 | Microsoft 办公软件安全功能绕过漏洞
CVE-2023-21717 | Microsoft SharePoint Server 特权提升漏洞
CVE-2023-21716 | Microsoft Word 远程代码执行漏洞
CVE-2023-21801 | Microsoft PostScript 打印机驱动程序远程代码执行漏洞
CVE-2023-21684 | Microsoft PostScript 打印机驱动程序远程代码执行漏洞
CVE-2023-21693 | Microsoft 后脚本打印机驱动程序信息泄露漏洞
CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞
CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞
CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞
CVE-2023-21802 | Windows Media 远程代码执行漏洞
CVE-2023-21806 | Power BI 报表服务器欺骗漏洞
CVE-2023-21713 | Microsoft SQL Server 远程代码执行漏洞
CVE-2023-21528 | Microsoft SQL Server 远程代码执行漏洞
CVE-2023-21704 | Microsoft ODBC 驱动程序 SQL Server 远程代码执行漏洞
CVE-2023-21705 | Microsoft SQL Server 远程代码执行漏洞
CVE-2023-21718 | Microsoft SQL ODBC 驱动程序远程代码执行漏洞
CVE-2023-21568 | Microsoft SQL Server Integration Service ( VSextension) 远程代码执行漏洞
CVE-2023-23381 | Visual Studio Code 远程代码执行漏洞
CVE-2023-21566 | Visual Studio 特权提升漏洞
CVE-2023-21567 | Visual Studio 拒绝服务漏洞
CVE-2023-21815 | Visual Studio Remote Code Execution 漏洞
CVE-2023-21688 | NT 操作系统内核特权提升漏洞
CVE-2023-21812 | Windows 常见日志文件系统驱动程序特权提升漏洞
CVE-2023-23376 | Windows 常见日志文件系统驱动程序特权提升漏洞
CVE-2023-21820 | Windows 分布式文件系统 (DFS) 远程代码执行漏洞
CVE-2023-21694 | Windows 传真服务远程代码执行漏洞
CVE-2023-21687 | HTTP.sys 信息泄露漏洞
CVE-2023-21800 | Windows 安装程序特权提升漏洞
CVE-2023-21803 | Windows iSCSI 发现服务远程代码执行漏洞
CVE-2023-21700 | Windows iSCSI 发现服务拒绝服务漏洞
CVE-2023-21817 | Windows Kerberos 特权提升漏洞
CVE-2023-21805 | Windows MSHTML 平台远程代码执行漏洞
CVE-2023-21798 | Microsoft ODBC 驱动程序远程代码执行漏洞
CVE-2023-21797 | Microsoft ODBC 驱动程序远程代码执行漏洞
CVE-2023-21695 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞
CVE-2023-21691 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 信息泄露漏洞
CVE-2023-21690 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞
CVE-2023-21689 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞
CVE-2023-21692 | Microsoft 受保护的可扩展身份验证协议 (PEAP) 远程代码执行漏洞
CVE-2023-21822 | Windows 图形组件特权提升漏洞
【漏洞描述】
Microsoft Office 安全功能绕过漏洞(CVE-2023-21715):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 已发现 |
Microsoft Office 安全功能绕过漏洞(CVE-2023-21715),攻击者可通过构造特定的文件来利用这个漏洞,成功利用此漏洞可使被下载的文件绕过文件安全保护功能。
Windows Graphics Component 权限提升漏洞(CVE-2023-21823):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 已发现 |
Windows Graphics Component 权限提升漏洞(CVE-2023-21823),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以 SYSTEM 权限执行任意代码。
Windows Common Log File System Driver 权限提升漏洞(CVE-2023- 23376):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 已发现 |
Windows Common Log File System Driver 权限提升漏洞(CVE-2023- 23376),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以 SYSTEM 权限执行任意代码。
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21529):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21529),经过身 份验证的攻击者可以通过诱使用户访问特制的服务器共享或网站来利用此漏洞,成功利 用此漏洞的攻击者可以执行任意代码。
NT OS Kernel 权限提升漏洞(CVE-2023-21688)
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
NT OS Kernel 权限提升漏洞(CVE-2023-21688),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以 SYSTEM 权限执行任意代码。
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21689):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21689),远程攻击者可以通过诱使用户访问特制的服务器共享或网站来利用此漏洞,成功利用此漏洞的攻击者可以执行任意代码。
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21690):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21690),未经身份验证的攻击者可通过网络发送特制的恶意 PEAP 数据包来攻击 Microsoft Protected Extensible Authentication Protocol (PEAP) 服务器。
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行 漏洞(CVE-2023-21692):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21692),未经身份验证的攻击者可通过网络发送特制的恶意 PEAP 数据包来攻击 Microsoft Protected Extensible Authentication Protocol (PEAP) 服务器。
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21706):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-21706),经过身份验证的攻击者可以通过诱使用户访问特制的服务器共享或网站来利用此漏洞,成功利用此漏洞的攻击者可以执行任意代码。
Windows Common Log File System Driver 权限提升漏洞(CVE-2023- 21812):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows Common Log File System Driver 权限提升漏洞(CVE-2023- 21812),本地攻击者可通过在目标系统上运行恶意程序来利用此漏洞,成功利用此漏洞可在目标系统上以 SYSTEM 权限执行任意代码。
Windows Secure Channel 拒绝服务漏洞(CVE-2023-21818):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows Secure Channel 拒绝服务漏洞(CVE-2023-21818),成功利用该漏 洞可导致操作系统停止响应。
Windows Secure Channel 拒绝服务漏洞(CVE-2023-21819):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows Secure Channel 拒绝服务漏洞(CVE-2023-21819),成功利用该漏洞可导致操作系统停止响应。
【缓解措施】
高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft 已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快快修复。安恒信息将在产品的例行更新中加入相关攻击检测细节发现和防护能力。
(一)Windows 更新:
自动更新:
Microsoft Update 默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。
手动更新:
1、 点击“开始菜单”或按 Windows 快捷键,点击进入“设置”。
2、 选择“更新和安全”,进入“Windows 更新”(Windows 8、Windows 8.1、Windows Server 2012以及 Windows Server 2012 R2 可通过控制面板进入“Windows 更新”,具体步骤为“控制面板”->“系统和安全”->“Windows 更新”)
3、选择“检查更新”,等待系统将自动检查并下载可用更新。
4、重启计算机,安装更新系统重新启动后,可通过进入“Windows 更新”->“查看更新历史记录”查看是否成功安装了更新。
(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。
补丁获取:https://msrc.microsoft.com/update-guide/vulnerability
Microsoft Protected Extensible Authentication Protocol (PEAP)远程代码执行漏洞(CVE-2023-21689、CVE-2023-21690、CVE-2023-21692)临时缓解措施:
Microsoft Protected Extensible Authentication Protocol (PEAP) 仅当 NPS 在 Windows Server上运行并且配置了允许 PEAP 的网络策略时与客户端协商。如果 PEAP 类型未在其网络策略中配置为允许的 EAP 类型,则系统不受影响