【Vulnerability Alert】Microsoft January Security Update Patches and Multiple High-Risk Vulnerabilities: Risk Notice
Published by: Li Xuejiao   Published: 2023-01-13

【Vulnerability Bulletin】

Microsoft has published its January security update bulletin, which contains security patches for multiple products in the Microsoft family, including Microsoft Office, Microsoft Exchange Server, Windows Installer, the Windows Kernel and Windows ALPC, covering a large number of CVEs. Affected users should install the corresponding patches promptly.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan

According to the bulletin, the following fixes in this release carry the greatest risk: the elevation of privilege vulnerability CVE-2023-21541 (titled Windows Task Scheduler Elevation of Privilege in Microsoft's list, matching the entry in the quick reference below), the Windows GDI elevation of privilege vulnerability (CVE-2023-21552), the Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability (CVE-2023-21674), the Windows Credential Manager user interface elevation of privilege vulnerability (CVE-2023-21726) and the Windows Ancillary Function Driver for WinSock elevation of privilege vulnerability (CVE-2023-21768). Of these, CVE-2023-21674, the Windows ALPC elevation of privilege vulnerability, is being exploited in the wild; install the security update as soon as possible or apply temporary mitigations to harden affected systems.

Reference link: https://msrc.microsoft.com/update-guide/vulnerability/

【Affected Scope】

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2023-21541; Microsoft's entry title is Windows Task Scheduler Elevation of Privilege, which is also how the quick reference list below names it)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

 

Windows GDI Elevation of Privilege Vulnerability (CVE-2023-21552)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Credential Manager User Interface Elevation of Privilege Vulnerability (CVE-2023-21726)

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768)

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows Server 2022

Windows Server 2022 (Server Core installation)

 

January security bulletin list; quick reference to the other vulnerabilities it covers (not exhaustive):

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan

CVE-2023-21538|.NET Denial of Service Vulnerability

CVE-2023-21792|3D Builder Remote Code Execution Vulnerability

CVE-2023-21780|3D Builder Remote Code Execution Vulnerability

CVE-2023-21789|3D Builder Remote Code Execution Vulnerability

CVE-2023-21788|3D Builder Remote Code Execution Vulnerability

CVE-2023-21787|3D Builder Remote Code Execution Vulnerability

CVE-2023-21785|3D Builder Remote Code Execution Vulnerability

CVE-2023-21783|3D Builder Remote Code Execution Vulnerability

CVE-2023-21781|3D Builder Remote Code Execution Vulnerability

CVE-2023-21790|3D Builder Remote Code Execution Vulnerability

CVE-2023-21782|3D Builder Remote Code Execution Vulnerability

CVE-2023-21793|3D Builder Remote Code Execution Vulnerability

CVE-2023-21791|3D Builder Remote Code Execution Vulnerability

CVE-2023-21786|3D Builder Remote Code Execution Vulnerability

CVE-2023-21784|3D Builder Remote Code Execution Vulnerability

CVE-2023-21531|Azure Service Fabric Container Elevation of Privilege Vulnerability

CVE-2023-21739|Windows Bluetooth Driver Elevation of Privilege Vulnerability

CVE-2023-21763|Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2023-21745|Microsoft Exchange Server Spoofing Vulnerability

CVE-2023-21764|Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2023-21761|Microsoft Exchange Server Information Disclosure Vulnerability

CVE-2023-21762|Microsoft Exchange Server Spoofing Vulnerability

CVE-2023-21552|Windows GDI Elevation of Privilege Vulnerability

CVE-2023-21532|Windows GDI Elevation of Privilege Vulnerability

CVE-2023-21680|Windows Win32k Elevation of Privilege Vulnerability

CVE-2023-21728|Windows Netlogon Denial of Service Vulnerability

CVE-2023-21537|Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

CVE-2023-21735|Microsoft Office Remote Code Execution Vulnerability

CVE-2023-21734|Microsoft Office Remote Code Execution Vulnerability

CVE-2023-21744|Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2023-21742|Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2023-21743|Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVE-2023-21737|Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21741|Microsoft Office Visio Information Disclosure Vulnerability

CVE-2023-21738|Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21736|Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-21681|Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-21779|Visual Studio Code Remote Code Execution Vulnerability

CVE-2023-21674|Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

CVE-2023-21768|Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2023-21539|Windows Authentication Remote Code Execution Vulnerability

CVE-2023-21752|Windows Backup Service Elevation of Privilege Vulnerability

CVE-2023-21733|Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVE-2023-21563|BitLocker Security Feature Bypass Vulnerability

CVE-2023-21560|Windows Boot Manager Security Feature Bypass Vulnerability

CVE-2023-21726|Windows Credential Manager User Interface Elevation of Privilege Vulnerability

CVE-2023-21540|Windows Cryptographic Information Disclosure Vulnerability

CVE-2023-21550|Windows Cryptographic Information Disclosure Vulnerability

CVE-2023-21730|Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21551|Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21559|Windows Cryptographic Information Disclosure Vulnerability

CVE-2023-21561|Microsoft Cryptographic Services Elevation of Privilege Vulnerability

CVE-2023-21724|Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2023-21558|Windows Error Reporting Service Elevation of Privilege Vulnerability

CVE-2023-21536|Event Tracing for Windows Information Disclosure Vulnerability

CVE-2023-21758|Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21683|Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21677|Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

CVE-2023-21542|Windows Installer Elevation of Privilege Vulnerability

CVE-2023-21547|Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

CVE-2023-21527|Windows iSCSI Service Denial of Service Vulnerability

CVE-2023-21755|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21753|Event Tracing for Windows Information Disclosure Vulnerability

CVE-2023-21556|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21546|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21679|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21543|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21555|Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

CVE-2023-21676|Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

CVE-2023-21557|Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

CVE-2023-21524|Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CVE-2023-21771|Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

CVE-2023-21725|Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

CVE-2023-21754|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21746|Windows NTLM Elevation of Privilege Vulnerability

CVE-2023-21732|Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2023-21767|Windows Overlay Filter Elevation of Privilege Vulnerability

CVE-2023-21766|Windows Overlay Filter Information Disclosure Vulnerability

CVE-2023-21682|Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability

CVE-2023-21765|Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21678|Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21760|Windows Print Spooler Elevation of Privilege Vulnerability

CVE-2023-21757|Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

CVE-2023-21525|Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-21535|Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2023-21548|Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

CVE-2023-21759|Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

CVE-2023-21541|Windows Task Scheduler Elevation of Privilege Vulnerability

CVE-2023-21750|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21772|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21749|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21773|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21748|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21747|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21776|Windows Kernel Information Disclosure Vulnerability

CVE-2023-21675|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21774|Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-21549|Windows SMB Witness Service Elevation of Privilege Vulnerability


【Vulnerability Description】

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability (CVE-2023-21674):

Details public | PoC status | Exploit status | Exploited in the wild
Not public | Not public | Not public | Observed

An elevation of privilege vulnerability exists in Windows Advanced Local Procedure Call (ALPC) (CVE-2023-21674). A local attacker can exploit it by running a malicious program on the target system; successful exploitation executes arbitrary code on the target with SYSTEM privileges. This vulnerability can be used for a browser sandbox escape, and in-the-wild exploitation of it has already been observed.


Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2023-21541):

Details public | PoC status | Exploit status | Exploited in the wild
Not public | Not public | Not public | Not observed

An elevation of privilege vulnerability exists in Windows (CVE-2023-21541; Microsoft's entry title is Windows Task Scheduler Elevation of Privilege, as in the quick reference list above). A local attacker can exploit it by running a malicious program on the target system; successful exploitation executes arbitrary code on the target with SYSTEM privileges.


Windows GDI Elevation of Privilege Vulnerability (CVE-2023-21552):

Details public | PoC status | Exploit status | Exploited in the wild
Not public | Not public | Not public | Not observed

An elevation of privilege vulnerability exists in Windows GDI (CVE-2023-21552). A local attacker can exploit it by running a malicious program on the target system; successful exploitation executes arbitrary code on the target with SYSTEM privileges.


Windows Credential Manager User Interface Elevation of Privilege Vulnerability (CVE-2023-21726):

Details public | PoC status | Exploit status | Exploited in the wild
Not public | Not public | Not public | Not observed

An elevation of privilege vulnerability exists in the Windows Credential Manager user interface (CVE-2023-21726). A local attacker can exploit it by running a malicious program on the target system; successful exploitation executes arbitrary code on the target with SYSTEM privileges.


Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2023-21768):

Details public | PoC status | Exploit status | Exploited in the wild
Not public | Not public | Not public | Not observed

An elevation of privilege vulnerability exists in the Windows Ancillary Function Driver for WinSock (CVE-2023-21768). A local attacker can exploit it by running a malicious program on the target system; successful exploitation executes arbitrary code on the target with SYSTEM privileges. Per the affected scope above, this one is listed only for Windows 11 (21H2 and 22H2) and Windows Server 2022.


【Mitigation Measures】

High risk: although the vulnerability details have not been made public, attackers can locate the trigger point by diffing the patched and unpatched binaries and then develop exploit code from it. Microsoft has released the relevant security updates; given the severity of these vulnerabilities, affected users are advised to patch as soon as possible. DBAPPSecurity (安恒信息) will add detection and protection capabilities for the corresponding attacks in its routine product updates.

(1) Windows Update:

Automatic update:

Microsoft Update is enabled by default; when the system detects an available update it downloads it automatically and installs it at the next restart.

Manual update:

1. Click the Start menu or press the Windows key, then open Settings.

2. Choose Update & Security and open "Windows Update". On Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, open "Windows Update" from Control Panel: "Control Panel" -> "System and Security" -> "Windows Update".

3. Choose "Check for updates" and wait; the system checks for and downloads available updates automatically.

4. Restart the computer to install the updates. After the restart, open "Windows Update" -> "View update history" to confirm the updates were installed successfully.
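The manual steps above confirm one machine by hand. The PowerShell script below is an added example, not part of the original bulletin and not Microsoft tooling, for doing the same check from a prompt or a fleet-management job: it reports the installed build and UBR, lists hotfixes applied on or after the 10 January 2023 release date, says whether the host is in the Windows 11 / Server 2022 scope that the advisory gives for CVE-2023-21768, and asks the Windows Update Agent which updates are still pending. The function names and the -MinimumUbr parameter are this example's own conventions; it assumes Windows PowerShell 5.1 or later on Windows 10/11 or Server 2016+ and an elevated prompt. The build threshold is deliberately not hard-coded: take the "OS build" for your SKU's January 2023 update from the MSRC release note linked above and pass it in.

```powershell
<#
  Added example (not from the advisory or from Microsoft): patch-status check for the
  January 2023 Microsoft security update.
  Assumptions: Windows PowerShell 5.1+, Windows 10/11 or Server 2016+, elevated prompt so
  Get-HotFix and the Windows Update Agent (WUA) COM API return complete results.
  -MinimumUbr is supplied by the operator from the MSRC release note; nothing is hard-coded.
#>

# Build identity from the registry. UBR (Update Build Revision) is the part after the dot
# in "19045.2486"-style build numbers and is what a cumulative update advances.
# The UBR value does not exist on Windows 8.1/7, so it is returned as $null there.
function Get-WindowsBuildInfo {
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr = if ($cv.PSObject.Properties['UBR']) { [int]$cv.UBR } else { $null }
    [pscustomobject]@{
        ProductName    = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion      # e.g. 22H2; $null before Windows 10 20H2
        CurrentBuild   = [int]$cv.CurrentBuild
        UBR            = $ubr
    }
}

# The advisory lists CVE-2023-21768 (AFD for WinSock) only for Windows 11 21H2/22H2 and
# Windows Server 2022. Base builds: 22000 = Win11 21H2, 22621 = Win11 22H2, 20348 = Server 2022.
function Test-AfdScope {
    param([Parameter(Mandatory)][int]$CurrentBuild)
    $CurrentBuild -in @(22000, 22621, 20348)
}

# Two checks: (1) installed UBR meets the release-note minimum (if one was supplied),
# (2) which hotfixes landed on or after Patch Tuesday, 10 January 2023.
function Test-January2023Update {
    param(
        [int]$MinimumUbr,                              # from the MSRC release note for this SKU
        [datetime]$PatchDate = [datetime]'2023-01-10'
    )
    $info   = Get-WindowsBuildInfo
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchDate } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn

    # $null means "unknown": no threshold given, or a legacy OS without a UBR value.
    $ubrOk = if ($PSBoundParameters.ContainsKey('MinimumUbr') -and $null -ne $info.UBR) {
        $info.UBR -ge $MinimumUbr
    } else { $null }

    $build = if ($null -ne $info.UBR) { "$($info.CurrentBuild).$($info.UBR)" } else { "$($info.CurrentBuild)" }
    [pscustomobject]@{
        Product                = "$($info.ProductName) $($info.DisplayVersion)".Trim()
        Build                  = $build
        MeetsMinimumUbr        = $ubrOk
        InScopeCve202321768    = Test-AfdScope -CurrentBuild $info.CurrentBuild
        HotfixesSincePatchDate = $recent
    }
}

# Ask the Windows Update Agent what is applicable but not yet installed. The search
# string is WUA's own criteria syntax; IsHidden=0 skips updates an admin deliberately hid.
function Get-PendingUpdates {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title      = $u.Title
            KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity   = $u.MsrcSeverity            # Critical/Important/...; empty for non-security
            Downloaded = $u.IsDownloaded
        }
    }
}

# Usage. Add -MinimumUbr <UBR from the release note> to turn MeetsMinimumUbr from
# "unknown" ($null) into a real pass/fail for this host's SKU.
$status = Test-January2023Update
$status | Select-Object Product, Build, MeetsMinimumUbr, InScopeCve202321768 | Format-List
$status.HotfixesSincePatchDate | Format-Table -AutoSize
Get-PendingUpdates | Format-Table -AutoSize
```

A host is only considered patched when MeetsMinimumUbr is True for its SKU; a hotfix dated after 10 January alone is not proof, because out-of-band or non-security updates also appear in Get-HotFix. Conversely, an empty Get-PendingUpdates result on a machine whose UBR is below the release-note value usually means the update source (WSUS or a managed channel) has not yet approved the January package, which is worth raising with whoever runs that channel.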

(2) Microsoft has released updates that fix the vulnerabilities above for all supported products; refer to the official bulletin and download and install the patches promptly.

Patch download: https://msrc.microsoft.com/update-guide/vulnerability