【漏洞公告】
微软官方发布了6月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft Exchange Server,Microsoft Office SharePoint,Windows GDI,Windows TPM Device Driver和Windows Cloud Files Mini Filter Driver等多个CVE安全漏洞补丁。请相关用户及时更新对应补丁修复漏洞。
参考链接:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun
根据公告,此次更新中修复的Microsoft Exchange Server远程代码执行漏洞(CVE-2023-28310)、Microsoft Office SharePoint特权提升漏洞(CVE-2023-29357)、Windows GDI特权提升漏洞(CVE-2023-29358)、Windows TPM Device Driver特权提升漏洞(CVE-2023- 29360)、Windows Cloud Files Mini Filter Driver特权提升漏洞(CVE-2023-29361)和Windows GDI特权提升漏洞(CVE-2023-29371)风险较大。建议尽快安装安全更新补丁或采取临时缓解措施加固系统。
相关链接:https://msrc.microsoft.com/update-guide/vulnerability/
【影响范围】
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-28310)
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft SharePoint Server 特权提升漏洞(CVE-2023-29357)
Microsoft SharePoint Server 2019
Windows GDI 特权提升漏洞(CVE-2023-29358)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows TPM Device Driver 特权提升漏洞(CVE-2023-29360)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Cloud Files Mini Filter Driver 特权提升漏洞(CVE-2023-29361)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows GDI 特权提升漏洞(CVE-2023-29371)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
6月安全公告列表,包含的其他漏洞快速阅读指引(非全部)
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun
CVE-2023-21565 | Azure DevOps Server 欺骗漏洞
CVE-2023-21569 | Azure DevOps Server 欺骗漏洞
CVE-2023-24895 | NET, .NET Framework, and Visual Studio 远程代码执行漏洞
CVE-2023-24896 | Dynamics Finance and Operations 跨站点脚本漏洞
CVE-2023-24897 | .NET, .NET Framework, and Visual Studio 远程代码执行漏洞
CVE-2023-24936 | .NET, .NET Framework, and Visual Studio 特权提升漏洞
CVE-2023-24937 | Windows CryptoAPI 拒绝服务漏洞
CVE-2023-24938 | Windows CryptoAPI 拒绝服务漏洞
CVE-2023-29326 | .NET Framework 远程代码执行漏洞
CVE-2023-29331 | .NET, .NET Framework, and Visual Studio 拒绝服务漏洞
CVE-2023-29337 | NuGet Client 远程代码执行漏洞
CVE-2023-29345 | Microsoft Edge (Chromium-based) 安全功能绕过漏洞
CVE-2023-29346 | NTFS 特权提升漏洞
CVE-2023-29351 | Windows Group Policy 特权提升漏洞
CVE-2023-29352 | Windows 远程桌面安全功能绕过漏洞
CVE-2023-29353 | Sysinternals Process Monitor for Windows 拒绝服务漏洞
CVE-2023-29355 | DHCP Server Service 信息泄露漏洞
CVE-2023-29359 | GDI 特权提升漏洞
CVE-2023-29362 | Remote Desktop Client 远程代码执行漏洞
CVE-2023-29363 | Windows Pragmatic General Multicast (PGM) 远程代码执行漏洞
CVE-2023-29364 | Windows Authentication 特权提升漏洞
CVE-2023-29365 | Windows Media 远程代码执行漏洞
CVE-2023-29366 | Windows Geolocation Service 远程代码执行漏洞
CVE-2023-29367 | iSCSI Target WMI Provider 远程代码执行漏洞
CVE-2023-29368 | Windows Filtering Platform 特权提升漏洞
CVE-2023-29369 | Remote Procedure Call Runtime 拒绝服务漏洞
CVE-2023-29370 | Windows Media 远程代码执行漏洞
CVE-2023-29372 | Microsoft WDAC OLE DB provider for SQL Server 远程代码执行漏洞
CVE-2023-29373 | Microsoft ODBC Driver 远程代码执行漏洞
CVE-2023-32008 | Windows Resilient File System (ReFS) 远程代码执行漏洞
CVE-2023-32009 | Windows Collaborative Translation Framework 特权提升漏洞
CVE-2023-32010 | Windows Bus Filter Driver 特权提升漏洞
CVE-2023-32011 | Windows iSCSI Discovery Service 拒绝服务漏洞
CVE-2023-32012 | Windows Container Manager Service 特权提升漏洞
CVE-2023-32013 | Windows Hyper-V 拒绝服务漏洞
CVE-2023-32014 | W | ndows Pragmatic General Multicast (PGM) 远程代码执行漏洞
CVE-2023-32015 | Windows Pragmatic General Multicast (PGM) 远程代码执行漏洞
CVE-2023-32016 | Windows Installer 信息泄露漏洞
CVE-2023-32017 | Microsoft PostScript Printer Driver 远程代码执行漏洞
CVE-2023-32018 | Windows Hello 远程代码执行漏洞
CVE-2023-32019 | Windows Kernel 信息泄露漏洞
CVE-2023-32020 | Windows DNS 欺骗漏洞
CVE-2023-32021 | Windows SMB Witness 服务安全功能绕过漏洞
CVE-2023-32022 | Windows Server 服务安全功能绕过漏洞
CVE-2023-32024 | Microsoft Power Apps 欺骗漏洞
CVE-2023-32029 | Microsoft Excel 远程代码执行漏洞
CVE-2023-32030 | .NET and Visual Studio 拒绝服务漏洞
CVE-2023-32031 | Microsoft Exchange Server 远程代码执行漏洞
CVE-2023-32032 | .NET and Visual Studio 特权提升漏洞
CVE-2023-33126 | .NET and Visual Studio 远程代码执行漏洞
CVE-2023-33128 | .NET and Visual Studio 远程代码执行漏洞
CVE-2023-33129 | Microsoft SharePoint 拒绝服务漏洞
CVE-2023-33130 | Microsoft SharePoint Server 欺骗漏洞
CVE-2023-33131 | Microsoft Outlook 远程代码执行漏洞
CVE-2023-33132 | Microsoft SharePoint Server 欺骗漏洞
CVE-2023-33133 | Microsoft Excel 远程代码执行漏洞
CVE-2023-33135 | .NET and Visual Studio 特权提升漏洞
CVE-2023-33137 | Microsoft Excel 远程代码执行漏洞
CVE-2023-33139 | Visual Studio 信息泄露漏洞
CVE-2023-33140 | Microsoft OneNote 欺骗漏洞
CVE-2023-33141 | Yet Another Reverse Proxy (YARP) 拒绝服务漏洞
CVE-2023-33142 | Microsoft SharePoint Server 特权提升漏洞
CVE-2023-33143 | Microsoft Edge (Chromium-based) 特权提升漏洞
CVE-2023-33144 | Visual Studio Code 欺骗漏洞
CVE-2023-33145 | Microsoft Edge (Chromium-based) 信息泄露漏洞
CVE-2023-33146 | Microsoft Office 远程代码执行漏洞
【漏洞描述】
Microsoft Exchange Server 远程代码执行漏洞(CVE-2023-28310):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft Exchange Server存在远程代码执行漏洞,该漏洞允许经过身份验证且与Exchange服务器在同一内部网络的攻击者,通过PowerShell远程会话实现远程代码执行。
Microsoft SharePoint Server特权提升漏洞(CVE-2023-29357):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft SharePoint Server存在特权提升漏洞,成功利用此漏洞的攻击者可以获得管理员权限。
Windows GDI特权提升漏洞(CVE-2023-29358):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Microsoft GDI存在特权提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
Windows TPM Device Driver特权提升漏洞(CVE-2023-29360):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows TPM Device Driver存在特权提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM 权限。
Windows Cloud Files Mini Filter Driver特权提升漏洞(CVE-2023-29361):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows Cloud Files Mini Filter Driver存在特权提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
Windows GDI 特权提升漏洞(CVE-2023-29371):
细节是否公开 | POC状态 | EXP状态 | 在野利用 |
否 | 未公开 | 未公开 | 未发现 |
Windows GDI存在特权提升漏洞,成功利用此漏洞的攻击者可以获得SYSTEM权限。
【缓解措施】
高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。
(一)Windows更新:
自动更新:
Microsoft Update 默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。
手动更新:
1、点击“开始菜单”或按Windows快捷键,点击进入“设置”。
2、选择“更新和安全”,进入“Windows 更新”(Windows 8、Windows 8.1、Windows Server 012以及Windows Server 2012 R2可通过控制面板进入“Windows 更新”,具体步骤为“控制面板”->“系统和安全”->“Windows 更新”)。
3、选择“检查更新”,等待系统将自动检查并下载可用更新。
4、重启计算机,安装更新系统重新启动后,可通过进入“Windows 更新”->“查看更新历史记录”查看是否成功安装了更新。
(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。
补丁获取:https://msrc.microsoft.com/update-guide/vulnerability
