CNNVD关于微软多个安全漏洞的通报
CNNVD关于微软多个安全漏洞的通报
CNNVD CNNVD安全动态 2023-10-12 16:10
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞174个,影响到微软产品的其他厂商漏洞21个。包括Microsoft Message Queuing 安全漏洞(CNNVD-202310-723、CVE-2023-35349)、Microsoft Windows IIS 安全漏洞(CNNVD-202310-801、CVE-2023-36434)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年10月10日,微软发布了2023年10月份安全更新,共195个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Client/Server Runtime Subsystem、Microsoft Windows HTML Platform、Microsoft Windows Error Reporting、Microsoft Windows Power Management Service、Microsoft Common Data Model SDK等。CNNVD对其危害等级进行了评价,其中超危漏洞7个,高危漏洞139个,中危漏洞48个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括103个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞81个,中危漏洞19个,低危漏洞1个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-723 |
CVE-2023-35349 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349 |
|
2 |
Microsoft Windows IIS 安全漏洞 |
CNNVD-202310-801 |
CVE-2023-36434 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434 |
|
3 |
Microsoft Azure SDK 安全漏洞 |
CNNVD-202310-788 |
CVE-2023-36414 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414 |
|
4 |
Microsoft Azure SDK 安全漏洞 |
CNNVD-202310-791 |
CVE-2023-36415 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415 |
|
5 |
Microsoft ODBC Driver 安全漏洞 |
CNNVD-202310-795 |
CVE-2023-36417 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 |
|
6 |
Microsoft Azure Real Time Operating System 安全漏洞 |
CNNVD-202310-796 |
CVE-2023-36418 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36418 |
|
7 |
Microsoft Azure 安全漏洞 |
CNNVD-202310-794 |
CVE-2023-36419 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36419 |
|
8 |
Microsoft ODBC Driver 安全漏洞 |
CNNVD-202310-799 |
CVE-2023-36420 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 |
|
9 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-802 |
CVE-2023-36431 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431 |
|
10 |
Microsoft QUIC 安全漏洞 |
CNNVD-202310-806 |
CVE-2023-36435 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435 |
|
11 |
Microsoft Windows HTML Platform 安全漏洞 |
CNNVD-202310-808 |
CVE-2023-36436 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436 |
|
12 |
Microsoft Windows TCP/IP 安全漏洞 |
CNNVD-202310-805 |
CVE-2023-36438 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438 |
|
13 |
Microsoft Windows HTML Platform 安全漏洞 |
CNNVD-202310-811 |
CVE-2023-36557 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557 |
|
14 |
Microsoft Azure DevOps Server 安全漏洞 |
CNNVD-202310-810 |
CVE-2023-36561 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561 |
|
15 |
Microsoft Office 安全漏洞 |
CNNVD-202310-813 |
CVE-2023-36565 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565 |
|
16 |
Microsoft Windows Deployment Services 安全漏洞 |
CNNVD-202310-819 |
CVE-2023-36567 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567 |
|
17 |
Microsoft Office 安全漏洞 |
CNNVD-202310-818 |
CVE-2023-36568 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568 |
|
18 |
Microsoft Office 安全漏洞 |
CNNVD-202310-821 |
CVE-2023-36569 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569 |
|
19 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-822 |
CVE-2023-36570 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570 |
|
20 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-820 |
CVE-2023-36571 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571 |
|
21 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-816 |
CVE-2023-36572 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572 |
|
22 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-814 |
CVE-2023-36573 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573 |
|
23 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-809 |
CVE-2023-36574 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574 |
|
24 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-807 |
CVE-2023-36575 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575 |
|
25 |
Microsoft OLE DB Provider for SQL Server 安全漏洞 |
CNNVD-202310-800 |
CVE-2023-36577 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577 |
|
26 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-797 |
CVE-2023-36578 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578 |
|
27 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-792 |
CVE-2023-36579 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579 |
|
28 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-789 |
CVE-2023-36581 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581 |
|
29 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-786 |
CVE-2023-36582 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582 |
|
30 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-785 |
CVE-2023-36583 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583 |
|
31 |
Microsoft Windows Active Directory 安全漏洞 |
CNNVD-202310-782 |
CVE-2023-36585 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585 |
|
32 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-781 |
CVE-2023-36589 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589 |
|
33 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-784 |
CVE-2023-36590 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590 |
|
34 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-780 |
CVE-2023-36591 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591 |
|
35 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-779 |
CVE-2023-36592 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592 |
|
36 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-778 |
CVE-2023-36593 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593 |
|
37 |
Microsoft Graphics Component 安全漏洞 |
CNNVD-202310-793 |
CVE-2023-36594 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594 |
|
38 |
Microsoft ODBC Driver 安全漏洞 |
CNNVD-202310-774 |
CVE-2023-36598 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598 |
|
39 |
Microsoft Windows TCP/IP 安全漏洞 |
CNNVD-202310-776 |
CVE-2023-36602 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602 |
|
40 |
Microsoft Windows TCP/IP 安全漏洞 |
CNNVD-202310-772 |
CVE-2023-36603 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603 |
|
41 |
Microsoft Windows Named Pipe File System 安全漏洞 |
CNNVD-202310-771 |
CVE-2023-36605 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605 |
|
42 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-773 |
CVE-2023-36606 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606 |
|
43 |
Microsoft Windows Resilient File System (ReFS) 安全漏洞 |
CNNVD-202310-767 |
CVE-2023-36701 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701 |
|
44 |
Microsoft Windows DirectMusic 安全漏洞 |
CNNVD-202310-777 |
CVE-2023-36702 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702 |
|
45 |
Microsoft Windows DHCP Server 安全漏洞 |
CNNVD-202310-768 |
CVE-2023-36703 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703 |
|
46 |
Microsoft Windows Setup Files Cleanup 安全漏洞 |
CNNVD-202310-766 |
CVE-2023-36704 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704 |
|
47 |
Microsoft Windows AllJoyn API 安全漏洞 |
CNNVD-202310-763 |
CVE-2023-36709 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709 |
|
48 |
Microsoft Windows Media Foundation 安全漏洞 |
CNNVD-202310-762 |
CVE-2023-36710 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710 |
|
49 |
Microsoft Windows Runtime C++ Template Library 安全漏洞 |
CNNVD-202310-761 |
CVE-2023-36711 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711 |
|
50 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202310-760 |
CVE-2023-36712 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712 |
|
51 |
Microsoft Windows Virtual Trusted Platform Module 安全漏洞 |
CNNVD-202310-756 |
CVE-2023-36718 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718 |
|
52 |
Microsoft Windows Mixed Reality Developer Tools 安全漏洞 |
CNNVD-202310-755 |
CVE-2023-36720 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720 |
|
53 |
Microsoft Windows Error Reporting 安全漏洞 |
CNNVD-202310-754 |
CVE-2023-36721 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721 |
|
54 |
Microsoft Windows Container Manager Service 安全漏洞 |
CNNVD-202310-751 |
CVE-2023-36723 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723 |
|
55 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202310-750 |
CVE-2023-36725 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725 |
|
56 |
Microsoft Windows IKE Extension 安全漏洞 |
CNNVD-202310-747 |
CVE-2023-36726 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726 |
|
57 |
Microsoft Windows Named Pipe File System 安全漏洞 |
CNNVD-202310-744 |
CVE-2023-36729 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729 |
|
58 |
Microsoft ODBC Driver 安全漏洞 |
CNNVD-202310-742 |
CVE-2023-36730 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 |
|
59 |
Microsoft Win32K 安全漏洞 |
CNNVD-202310-740 |
CVE-2023-36731 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731 |
|
60 |
Microsoft Win32K 安全漏洞 |
CNNVD-202310-738 |
CVE-2023-36732 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732 |
|
61 |
Microsoft Azure 安全漏洞 |
CNNVD-202310-725 |
CVE-2023-36737 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737 |
|
62 |
Microsoft Win32K 安全漏洞 |
CNNVD-202310-757 |
CVE-2023-36743 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743 |
|
63 |
Microsoft Win32K 安全漏洞 |
CNNVD-202310-749 |
CVE-2023-36776 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776 |
|
64 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202310-748 |
CVE-2023-36778 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778 |
|
65 |
Microsoft Skype for Business Server 安全漏洞 |
CNNVD-202310-745 |
CVE-2023-36780 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780 |
|
66 |
Microsoft ODBC Driver 安全漏洞 |
CNNVD-202310-743 |
CVE-2023-36785 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 |
|
67 |
Microsoft Skype for Business 安全漏洞 |
CNNVD-202310-741 |
CVE-2023-36786 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786 |
|
68 |
Microsoft Skype for Business 安全漏洞 |
CNNVD-202310-739 |
CVE-2023-36789 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789 |
|
69 |
Microsoft Windows RDP 安全漏洞 |
CNNVD-202310-737 |
CVE-2023-36790 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790 |
|
70 |
Microsoft Windows Client/Server Runtime Subsystem 安全漏洞 |
CNNVD-202310-724 |
CVE-2023-36902 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902 |
|
71 |
Microsoft Graphics Component 安全漏洞 |
CNNVD-202310-736 |
CVE-2023-38159 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159 |
|
72 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-735 |
CVE-2023-38166 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166 |
|
73 |
Microsoft QUIC 安全漏洞 |
CNNVD-202310-726 |
CVE-2023-38171 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 |
|
74 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-729 |
CVE-2023-41765 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765 |
|
75 |
Microsoft Client Server Run-time Subsystem 安全漏洞 |
CNNVD-202310-733 |
CVE-2023-41766 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766 |
|
76 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-734 |
CVE-2023-41767 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767 |
|
77 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-732 |
CVE-2023-41768 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768 |
|
78 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-731 |
CVE-2023-41769 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769 |
|
79 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-727 |
CVE-2023-41770 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770 |
|
80 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-721 |
CVE-2023-41771 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771 |
|
81 |
Microsoft Win32K 安全漏洞 |
CNNVD-202310-722 |
CVE-2023-41772 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772 |
|
82 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-720 |
CVE-2023-41773 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773 |
|
83 |
Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 |
CNNVD-202310-719 |
CVE-2023-41774 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774 |
|
84 |
Microsoft Windows Remote Desktop Protocol 安全漏洞 |
CNNVD-202310-787 |
CVE-2023-29348 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348 |
|
85 |
Microsoft Dynamics 365 安全漏洞 |
CNNVD-202310-790 |
CVE-2023-36416 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416 |
|
86 |
Microsoft Dynamics 365 安全漏洞 |
CNNVD-202310-798 |
CVE-2023-36429 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429 |
|
87 |
Microsoft Dynamics 365 安全漏洞 |
CNNVD-202310-803 |
CVE-2023-36433 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433 |
|
88 |
Microsoft WordPad 安全漏洞 |
CNNVD-202310-812 |
CVE-2023-36563 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563 |
|
89 |
Microsoft Windows Search Component 安全漏洞 |
CNNVD-202310-815 |
CVE-2023-36564 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564 |
|
90 |
Microsoft Common Data Model SDK 安全漏洞 |
CNNVD-202310-817 |
CVE-2023-36566 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566 |
|
91 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202310-804 |
CVE-2023-36576 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576 |
|
92 |
Microsoft Windows 安全漏洞 |
CNNVD-202310-783 |
CVE-2023-36584 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 |
|
93 |
Microsoft Windows Remote Procedure Call 安全漏洞 |
CNNVD-202310-775 |
CVE-2023-36596 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596 |
|
94 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202310-770 |
CVE-2023-36697 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697 |
|
95 |
Microsoft Windows Deployment Services 安全漏洞 |
CNNVD-202310-765 |
CVE-2023-36706 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706 |
|
96 |
Microsoft Windows Deployment Services 安全漏洞 |
CNNVD-202310-764 |
CVE-2023-36707 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707 |
|
97 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202310-759 |
CVE-2023-36713 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713 |
|
98 |
Microsoft Windows TPM 安全漏洞 |
CNNVD-202310-758 |
CVE-2023-36717 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717 |
|
99 |
Microsoft Active Directory Domain Services 安全漏洞 |
CNNVD-202310-752 |
CVE-2023-36722 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722 |
|
100 |
Microsoft Windows Power Management Service 安全漏洞 |
CNNVD-202310-753 |
CVE-2023-36724 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724 |
|
101 |
Microsoft SQL Server 安全漏洞 |
CNNVD-202310-746 |
CVE-2023-36728 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 |
|
102 |
Microsoft Skype for Business 安全漏洞 |
CNNVD-202310-728 |
CVE-2023-41763 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763 |
|
103 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202310-769 |
CVE-2023-36698 |
低危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698 |
此次更新共包括71个更新漏洞的补丁程序,其中超危漏洞5个,高危漏洞48个,中危漏洞18个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202308-737 |
CVE-2023-21709 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 |
|
2 |
Microsoft Azure Kubernetes 输入验证错误漏洞 |
CNNVD-202309-793 |
CVE-2023-29332 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332 |
|
3 |
Microsoft Edge 安全漏洞 |
CNNVD-202309-1119 |
CVE-2023-36735 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735 |
|
4 |
Microsoft Visual Studio 安全漏洞 |
CNNVD-202309-804 |
CVE-2023-36758 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758 |
|
5 |
Microsoft Office 安全漏洞 |
CNNVD-202309-812 |
CVE-2023-36765 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765 |
|
6 |
Microsoft Visual Studio 安全漏洞 |
CNNVD-202208-2505 |
CVE-2022-35825 |
高危 |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825 |
|
7 |
Microsoft Windows Kerberos 安全漏洞 |
CNNVD-202211-2288 |
CVE-2022-37967 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
|
8 |
Microsoft Dynamics 安全漏洞 |
CNNVD-202212-3159 |
CVE-2022-41127 |
高危 |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127 |
|
9 |
Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞 |
CNNVD-202306-853 |
CVE-2023-24936 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936 |
|
10 |
Microsoft Raw Image Extension 安全漏洞 |
CNNVD-202307-886 |
CVE-2023-32051 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32051 |
|
11 |
Microsoft Azure DevOps Server 安全漏洞 |
CNNVD-202309-795 |
CVE-2023-33136 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136 |
|
12 |
Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 |
CNNVD-202309-796 |
CVE-2023-35355 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355 |
|
13 |
Microsoft Edge 安全漏洞 |
CNNVD-202309-1116 |
CVE-2023-36562 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562 |
|
14 |
Microsoft 3D Viewer 安全漏洞 |
CNNVD-202309-799 |
CVE-2023-36739 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739 |
|
15 |
Microsoft 3D Viewer 安全漏洞 |
CNNVD-202309-800 |
CVE-2023-36740 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740 |
|
16 |
Microsoft Visual Studio Code 安全漏洞 |
CNNVD-202309-798 |
CVE-2023-36742 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742 |
|
17 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202309-802 |
CVE-2023-36744 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744 |
|
18 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202309-801 |
CVE-2023-36745 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745 |
|
19 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202309-813 |
CVE-2023-36756 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756 |
|
20 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202309-803 |
CVE-2023-36757 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757 |
|
21 |
Microsoft 3D Viewer 安全漏洞 |
CNNVD-202309-808 |
CVE-2023-36760 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760 |
|
22 |
Microsoft Word 安全漏洞 |
CNNVD-202309-810 |
CVE-2023-36762 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762 |
|
23 |
Microsoft Outlook 安全漏洞 |
CNNVD-202309-811 |
CVE-2023-36763 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763 |
|
24 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202309-807 |
CVE-2023-36764 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764 |
|
25 |
Microsoft 3D Builder 安全漏洞 |
CNNVD-202309-815 |
CVE-2023-36770 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770 |
|
26 |
Microsoft 3D Builder 安全漏洞 |
CNNVD-202309-817 |
CVE-2023-36771 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771 |
|
27 |
Microsoft 3D Builder 安全漏洞 |
CNNVD-202309-816 |
CVE-2023-36772 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772 |
|
28 |
Microsoft 3D Builder 安全漏洞 |
CNNVD-202309-818 |
CVE-2023-36773 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773 |
|
29 |
Microsoft .NET Framework 安全漏洞 |
CNNVD-202309-819 |
CVE-2023-36788 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788 |
|
30 |
Microsoft .NET和Microsoft Visual Studio 安全漏洞 |
CNNVD-202309-896 |
CVE-2023-36792 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 |
|
31 |
Microsoft Visual Studio和Microsoft .NET 安全漏洞 |
CNNVD-202309-832 |
CVE-2023-36793 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 |
|
32 |
Microsoft Visual Studio和Microsoft .NET 安全漏洞 |
CNNVD-202309-837 |
CVE-2023-36794 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 |
|
33 |
Microsoft Visual Studio和Microsoft .NET 安全漏洞 |
CNNVD-202309-824 |
CVE-2023-36796 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 |
|
34 |
Microsoft Streaming Service 安全漏洞 |
CNNVD-202309-835 |
CVE-2023-36802 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802 |
|
35 |
Microsoft Windows GDI 安全漏洞 |
CNNVD-202309-846 |
CVE-2023-36804 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804 |
|
36 |
Microsoft Windows Scripting 安全漏洞 |
CNNVD-202309-843 |
CVE-2023-36805 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805 |
|
37 |
Microsoft Reliability Analysis Metrics Calculation Engine 安全漏洞 |
CNNVD-202308-692 |
CVE-2023-36876 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876 |
|
38 |
Microsoft Tablet Windows User Interface 安全漏洞 |
CNNVD-202308-702 |
CVE-2023-36898 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898 |
|
39 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202309-847 |
CVE-2023-38139 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139 |
|
40 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202309-849 |
CVE-2023-38141 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141 |
|
41 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202309-848 |
CVE-2023-38142 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38142 |
|
42 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202309-844 |
CVE-2023-38143 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143 |
|
43 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202309-841 |
CVE-2023-38144 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38144 |
|
44 |
Microsoft Windows Themes 安全漏洞 |
CNNVD-202309-836 |
CVE-2023-38146 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146 |
|
45 |
Microsoft Windows Codecs Library 安全漏洞 |
CNNVD-202309-833 |
CVE-2023-38147 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38147 |
|
46 |
Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞 |
CNNVD-202309-830 |
CVE-2023-38148 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38148 |
|
47 |
Microsoft Windows TCP/IP 资源管理错误漏洞 |
CNNVD-202309-826 |
CVE-2023-38149 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38149 |
|
48 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202309-823 |
CVE-2023-38150 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38150 |
|
49 |
Microsoft Azure DevOps Server 安全漏洞 |
CNNVD-202309-865 |
CVE-2023-38155 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155 |
|
50 |
Microsoft Azure 安全漏洞 |
CNNVD-202309-825 |
CVE-2023-38156 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156 |
|
51 |
Microsoft Windows GDI 安全漏洞 |
CNNVD-202309-821 |
CVE-2023-38161 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38161 |
|
52 |
Microsoft Windows DHCP Server 资源管理错误漏洞 |
CNNVD-202309-822 |
CVE-2023-38162 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38162 |
|
53 |
Microsoft Windows Defender 安全漏洞 |
CNNVD-202309-872 |
CVE-2023-38163 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163 |
|
54 |
Microsoft Edge 跨站脚本漏洞 |
CNNVD-202306-182 |
CVE-2023-29345 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345 |
|
55 |
Microsoft Edge 安全漏洞 |
CNNVD-202309-1117 |
CVE-2023-36727 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727 |
|
56 |
Microsoft Identity Linux Broker 安全漏洞 |
CNNVD-202309-797 |
CVE-2023-36736 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736 |
|
57 |
Microsoft Visual Studio 安全漏洞 |
CNNVD-202309-805 |
CVE-2023-36759 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759 |
|
58 |
Microsoft Word 安全漏洞 |
CNNVD-202309-809 |
CVE-2023-36761 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761 |
|
59 |
Microsoft Excel 安全漏洞 |
CNNVD-202309-814 |
CVE-2023-36766 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36766 |
|
60 |
Microsoft Office 安全漏洞 |
CNNVD-202309-806 |
CVE-2023-36767 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36767 |
|
61 |
Microsoft Exchange Server 安全漏洞 |
CNNVD-202309-820 |
CVE-2023-36777 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777 |
|
62 |
Microsoft .NET Core和Microsoft Visual Studio 安全漏洞 |
CNNVD-202309-828 |
CVE-2023-36799 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799 |
|
63 |
Microsoft Dynamics Finance & Operations 跨站脚本漏洞 |
CNNVD-202309-829 |
CVE-2023-36800 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800 |
|
64 |
Microsoft Windows DHCP Server 安全漏洞 |
CNNVD-202309-838 |
CVE-2023-36801 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36801 |
|
65 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202309-840 |
CVE-2023-36803 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803 |
|
66 |
Microsoft Dynamics 365 跨站脚本漏洞 |
CNNVD-202309-852 |
CVE-2023-36886 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886 |
|
67 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202309-853 |
CVE-2023-38140 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140 |
|
68 |
Microsoft Windows DHCP Server 安全漏洞 |
CNNVD-202309-890 |
CVE-2023-38152 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38152 |
|
69 |
Microsoft Windows TCP/IP 安全漏洞 |
CNNVD-202309-868 |
CVE-2023-38160 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38160 |
|
70 |
Microsoft Dynamics 365 跨站脚本漏洞 |
CNNVD-202309-874 |
CVE-2023-38164 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164 |
|
71 |
Microsoft Office 安全漏洞 |
CNNVD-202309-875 |
CVE-2023-41764 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41764 |
此次更新共包括21个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞10个,中危漏洞11个。
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
|
1 |
Autodesk FBX-SDK 资源管理错误漏洞 |
CNNVD-202210-946 |
CVE-2022-41303 |
高危 |
Autodesk |
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 |
|
2 |
libwebp 资源管理错误漏洞 |
CNNVD-202305-177 |
CVE-2023-1999 |
高危 |
WebP项目 |
https://github.com/webmproject/libwebp |
|
3 |
Autodesk FBX-SDK 缓冲区错误漏洞 |
CNNVD-202304-1342 |
CVE-2023-27909 |
高危 |
Autodesk |
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
|
4 |
Autodesk FBX-SDK 缓冲区错误漏洞 |
CNNVD-202304-1347 |
CVE-2023-27911 |
高危 |
Autodesk |
https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004 |
|
5 |
Apache HTTP/2 安全漏洞 |
CNNVD-202310-667 |
CVE-2023-44487 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
|
6 |
Google Chrome 缓冲区错误漏洞 |
CNNVD-202309-784 |
CVE-2023-4863 |
高危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html |
|
7 |
Google Chrome 资源管理错误漏洞 |
CNNVD-202309-2548 |
CVE-2023-5186 |
高危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html |
|
8 |
Google Chrome 资源管理错误漏洞 |
CNNVD-202309-2546 |
CVE-2023-5187 |
高危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html |
|
9 |
Google Chrome 缓冲区错误漏洞 |
CNNVD-202309-2505 |
CVE-2023-5217 |
高危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html |
|
10 |
Google Chrome 安全漏洞 |
CNNVD-202310-219 |
CVE-2023-5346 |
高危 |
|
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html |
|
11 |
Electron 代码注入漏洞 |
CNNVD-202309-566 |
CVE-2023-39956 |
中危 |
个人开发者 |
https://github.com/electron/electron/security/advisories/GHSA-7×97-j373-85×5 |
|
12 |
Google Chrome 安全漏洞 |
CNNVD-202309-918 |
CVE-2023-4900 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
13 |
Google Chrome 安全漏洞 |
CNNVD-202309-920 |
CVE-2023-4901 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
14 |
Google Chrome 安全漏洞 |
CNNVD-202309-921 |
CVE-2023-4902 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
15 |
Google Chrome 安全漏洞 |
CNNVD-202309-923 |
CVE-2023-4903 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
16 |
Google Chrome 安全漏洞 |
CNNVD-202309-929 |
CVE-2023-4904 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
17 |
Google Chrome 安全漏洞 |
CNNVD-202309-928 |
CVE-2023-4905 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
18 |
Google Chrome 安全漏洞 |
CNNVD-202309-927 |
CVE-2023-4906 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
19 |
Google Chrome 安全漏洞 |
CNNVD-202309-925 |
CVE-2023-4907 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
20 |
Google Chrome 安全漏洞 |
CNNVD-202309-922 |
CVE-2023-4908 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
|
21 |
Google Chrome 安全漏洞 |
CNNVD-202309-924 |
CVE-2023-4909 |
中危 |
|
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: [email protected]