CNNVD通报微软多个安全漏洞
作者: 日期:2024年02月22日 阅:8,728

近日,CNNVD通报了微软官方发布的多个安全漏洞,本次通报共涉及80个漏洞补丁。包括Microsoft Azure Site Recovery 安全漏洞(CNNVD-202402-1061、CVE-2024-21364)、Microsoft Azure Kubernetes 安全漏洞(CNNVD-202402-1050、CVE-2024-21376)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、 漏洞介绍

2024年2月13日,微软发布了2024年2月份安全更新,共80个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Azure Connected Machine Agent、Microsoft Hyper-V、Microsoft Azure、Microsoft Windows USB Serial Driver、Microsoft Exchange Server等。CNNVD对其危害等级进行了评价,其中超危漏洞8个,高危漏洞57个,中危漏洞15个。

微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:https://portal.msrc.microsoft.com/zh-cn/security-guidance

二、漏洞详情

此次更新共包括73个新增漏洞的补丁程序,其中超危漏洞6个,高危漏洞53个,中危漏洞14个。

序号漏洞名称CNNVD编号CVE编号危害等级官方链接
1Microsoft Azure Site Recovery 安全漏洞CNNVD-202402-1061CVE-2024-21364超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21364
2Microsoft Azure Kubernetes 安全漏洞CNNVD-202402-1050CVE-2024-21376超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376
3Microsoft Azure Active Directory 安全漏洞CNNVD-202402-1034CVE-2024-21401超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21401
4Microsoft Azure Kubernetes 安全漏洞CNNVD-202402-1032CVE-2024-21403超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403
5Microsoft Exchange Server 安全漏洞CNNVD-202402-1030CVE-2024-21410超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410
6Microsoft Outlook 安全漏洞CNNVD-202402-1028CVE-2024-21413超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413
7Microsoft DNS Server 安全漏洞CNNVD-202402-1127CVE-2023-50387高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
8Microsoft Azure DevOps Server 安全漏洞CNNVD-202402-1097CVE-2024-20667高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667
9Microsoft Office 安全漏洞CNNVD-202402-1096CVE-2024-20673高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673
10Microsoft Defender 安全漏洞CNNVD-202402-1091CVE-2024-21315高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315
11Microsoft Dynamics 365 安全漏洞CNNVD-202402-1090CVE-2024-21327高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21327
12Microsoft Dynamics 安全漏洞CNNVD-202402-1089CVE-2024-21328高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21328
13Microsoft Azure Connected Machine Agent 安全漏洞CNNVD-202402-1088CVE-2024-21329高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329
14Microsoft Windows Kernel 安全漏洞CNNVD-202402-1087CVE-2024-21338高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338
15Microsoft DNS Server 安全漏洞CNNVD-202402-1082CVE-2024-21342高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342
16Microsoft Windows Kernel 安全漏洞CNNVD-202402-1080CVE-2024-21345高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21345
17Microsoft Windows Win32K 安全漏洞CNNVD-202402-1078CVE-2024-21346高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21346
18Microsoft ODBC Driver 安全漏洞CNNVD-202402-1079CVE-2024-21347高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21347
19Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞CNNVD-202402-1077CVE-2024-21348高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21348
20Microsoft ActiveX 安全漏洞CNNVD-202402-1076CVE-2024-21349高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21349
21Microsoft OLE DB provider for SQL 安全漏洞CNNVD-202402-1075CVE-2024-21350高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21350
22Microsoft Windows SmartScreen 安全漏洞CNNVD-202402-1074CVE-2024-21351高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351
23Microsoft OLE DB provider for SQL 安全漏洞CNNVD-202402-1073CVE-2024-21352高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21352
24Microsoft WDAC ODBC Driver 安全漏洞CNNVD-202402-1072CVE-2024-21353高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21353
25Microsoft Message Queuing 安全漏洞CNNVD-202402-1071CVE-2024-21354高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21354
26Microsoft Message Queuing 安全漏洞CNNVD-202402-1070CVE-2024-21355高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21355
27Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞CNNVD-202402-1067CVE-2024-21357高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21357
28Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1068CVE-2024-21358高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21358
29Microsoft OLE DB provider for SQL 安全漏洞CNNVD-202402-1066CVE-2024-21359高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21359
30Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1065CVE-2024-21360高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21360
31Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1064CVE-2024-21361高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21361
32Microsoft Message Queuing 安全漏洞CNNVD-202402-1063CVE-2024-21363高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21363
33Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1060CVE-2024-21365高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21365
34Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1059CVE-2024-21366高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21366
35Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1058CVE-2024-21367高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21367
36Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1057CVE-2024-21368高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21368
37Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1056CVE-2024-21369高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21369
38Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1054CVE-2024-21370高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21370
39Microsoft Windows Kernel 安全漏洞CNNVD-202402-1055CVE-2024-21371高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21371
40Microsoft Windows OLE 安全漏洞CNNVD-202402-1052CVE-2024-21372高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21372
41Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1051CVE-2024-21375高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21375
42Microsoft Windows DNS 安全漏洞CNNVD-202402-1049CVE-2024-21377高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21377
43Microsoft Outlook 安全漏洞CNNVD-202402-1048CVE-2024-21378高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21378
44Microsoft Word 安全漏洞CNNVD-202402-1047CVE-2024-21379高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21379
45Microsoft Dynamics 安全漏洞CNNVD-202402-1046CVE-2024-21380高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380
46Microsoft Office 安全漏洞CNNVD-202402-1044CVE-2024-21384高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21384
47Microsoft .NET 安全漏洞CNNVD-202402-1043CVE-2024-21386高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21386
48Microsoft Dynamics 安全漏洞CNNVD-202402-1042CVE-2024-21389高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21389
49Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1041CVE-2024-21391高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21391
50Microsoft Dynamics 安全漏洞CNNVD-202402-1040CVE-2024-21393高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21393
51Microsoft Dynamics 安全漏洞CNNVD-202402-1038CVE-2024-21394高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21394
52Microsoft Dynamics 安全漏洞CNNVD-202402-1037CVE-2024-21395高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21395
53Microsoft Dynamics 安全漏洞CNNVD-202402-1036CVE-2024-21396高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21396
54Microsoft Outlook 安全漏洞CNNVD-202402-1039CVE-2024-21402高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402
55Microsoft .NET 安全漏洞CNNVD-202402-1033CVE-2024-21404高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404
56Microsoft Message Queuing 安全漏洞CNNVD-202402-1092CVE-2024-21405高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405
57Microsoft Windows 安全漏洞CNNVD-202402-1031CVE-2024-21406高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406
58Microsoft Windows 安全漏洞CNNVD-202402-1029CVE-2024-21412高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
59Microsoft WDAC OLE DB provider for SQL 安全漏洞CNNVD-202402-1027CVE-2024-21420高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21420
60Microsoft Azure Stack 安全漏洞CNNVD-202402-1121CVE-2024-20679中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679
61Microsoft Hyper-V 安全漏洞CNNVD-202402-1095CVE-2024-20684中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20684
62Microsoft Skype for Business 安全漏洞CNNVD-202402-1094CVE-2024-20695中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20695
63Microsoft Windows Trusted Compute Base 安全漏洞CNNVD-202402-1093CVE-2024-21304中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21304
64Microsoft Windows USB Serial Driver 安全漏洞CNNVD-202402-1086CVE-2024-21339中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21339
65Microsoft Windows Kernel 安全漏洞CNNVD-202402-1085CVE-2024-21340中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21340
66Microsoft Windows Kernel 安全漏洞CNNVD-202402-1083CVE-2024-21341中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341
67Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞CNNVD-202402-1084CVE-2024-21343中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21343
68Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞CNNVD-202402-1081CVE-2024-21344中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21344
69Microsoft Lightweight Directory Access Protocol 安全漏洞CNNVD-202402-1069CVE-2024-21356中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21356
70Microsoft Windows Kernel 安全漏洞CNNVD-202402-1062CVE-2024-21362中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21362
71Microsoft Teams 安全漏洞CNNVD-202402-1053CVE-2024-21374中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21374
72Microsoft Azure Active Directory 安全漏洞CNNVD-202402-1045CVE-2024-21381中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381
73Microsoft Azure 安全漏洞CNNVD-202402-1035CVE-2024-21397中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21397

此次更新共包括7个更新漏洞的补丁程序,其中超危漏洞2个,高危漏洞4个,中危漏洞1个。

序号漏洞名称CNNVD编号CVE编号危害等级官方链接
1Microsoft Power Platform Connector 安全漏洞CNNVD-202312-970CVE-2023-36019超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019
2Microsoft .NET和Microsoft Visual Studio 安全漏洞CNNVD-202401-741CVE-2024-0057超危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057
3Microsoft Windows AppX Installer 安全漏洞CNNVD-202112-1261CVE-2021-43890高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890
4Microsoft SQL Server 安全漏洞CNNVD-202401-738CVE-2024-0056高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056
5Microsoft Office 安全漏洞CNNVD-202401-717CVE-2024-20677高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677
6Microsoft .NET Framework 安全漏洞CNNVD-202401-692CVE-2024-21312高危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312
7Microsoft ASP.NET Core 安全漏洞CNNVD-202311-1269CVE-2023-36558中危https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558

三、修复建议

目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:https://msrc.microsoft.com/update-guide/en-usCNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。

如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn

文章来源:CNNVD安全动态微信公众号

关键词:

申明:本文系厂商投稿收录,所涉观点不代表安全牛立场!

上一篇

安全牛课堂 | 基于AI智能的网络安全意识宣教

下一篇

2023年全球勒索软件攻击代表性事件回顾

安全牛

相关文章

行业动态

CNNVD通报Oracle多个安全漏洞情况

行业动态

CNNVD通报GitLab安全漏洞情况

行业动态

安全头条 | 《“数据要素×”三年行动计划(2024—2026年)(征求意见稿)》发布;新疆公安机关公布8起网络违法犯罪典型案例