【漏洞预警】微软5月补丁日多个高危漏洞预警

漏洞预警 发布时间:2023-05-11 10:15:17 316 浏览

漏洞公告

近日,中国电信SRC监测到微软官方发布5月安全更新补丁漏洞,包括Windows NFS、Windows PGM、Windows LDAP、Windows OLE、Windows SSTP等多个CVE安全漏洞补丁,当前官方已发布相关补丁,建议用户及时更新对应补丁修复漏洞。

参考链接:

https://msrc.microsoft.com/update-guide/


一、影响版本


Windows 网络文件系统(NFS)远程代码执行漏洞(CVE-2023-24941):

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems

Windows Pragmatic General Multicast (PGM) 远程代码执行漏洞(CVE-2023-24943):

Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems

Windows 轻量级目录访问协议 (LDAP) 远程代码执行漏洞

(CVE-2023-28283):

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

Windows OLE 远程代码执行漏洞(CVE-2023-29325):

Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

Windows 安全套接字隧道协议 (SSTP) 远程代码执行漏洞

(CVE-2023-24903):

Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016


二、漏洞描述


Windows 网络文件系统(NFS)远程代码执行漏洞(CVE-2023-24941):cvss3.1评分:9.8(超危);攻击者通过对网络文件系统 (NFS) 服务进行未经身份验证的特制调用以触发远程代码执行 (RCE)。

细节是否公开
  POC状态
   EXP状态
  在野利用
     否
    未公开
    未公开
     未公开

Windows Pragmatic General Multicast (PGM) 远程代码执行漏洞(CVE-2023-24943):cvss3.1评分:9.8(超危);Windows Pragmatic General Multicast (PGM) 远程代码执行漏洞,由于Windows Pragmatic General Multicast (PGM)中对用户提供的输入验证不足,当 Windows Message Queuing 服务在 PGM Server 环境中运行时,未经身份验证的远程攻击者通过网络发送经特别设计的文件,成功利用该漏洞后可以执行恶意代码。

细节是否公开
  POC状态
   EXP状态
  在野利用
     否
    未公开
    未公开
     未公开
Windows 轻量级目录访问协议 (LDAP) 远程代码执行漏洞

(CVE-2023-28283):cvss3.1评分:9.8(超危);Windows 轻量级目录访问协议 (LDAP) 远程代码执行漏洞,未经过身份验证的远程攻击者可以通过特制的LDAP 调用来触发该漏洞,成功利用该漏洞可以LDAP 服务的上下文中执行任意代码。
细节是否公开
  POC状态
   EXP状态
  在野利用
     否
    未公开
    未公开
     未公开
Windows OLE 远程代码执行漏洞(CVE-2023-29325):cvss3.1评分:8.1(高危);在电子邮件攻击情形中,攻击者可以通过向受害者发送特制电子邮件来利用此漏洞。对该漏洞的利用可能涉及受害者使用受影响的 Microsoft Outlook 软件版本打开特制电子邮件,或者受害者的 Outlook 应用程序显示特制电子邮件的预览。这可能导致攻击者在受害者的机器上执行远程代码。
细节是否公开
  POC状态
   EXP状态
  在野利用
     否
    未公开
    未公开
     未公开
Windows 安全套接字隧道协议 (SSTP) 远程代码执行漏洞

(CVE-2023-24903):cvss3.1评分:8.1(高危);未经授权的攻击者可以利用该漏洞发送特制的恶意SSTP数据包到SSTP服务器,从而在服务器端执行恶意代码,可能导致服务器被控制或敏感信息泄露。
细节是否公开
  POC状态
   EXP状态
  在野利用
     否
    未公开
    未公开
     未公开

三、修复措施


官方建议:

微软官方已发布相应的补丁修复漏洞,Windows 系统用户可通过默认开启的安全更新检查进行漏洞修复更新,也可以访问以下链接手动安装相关的漏洞补丁:https://msrc.microsoft.com/update-guide/vulnerability

Windows Network File System远程代码执行漏洞(CVE-2023-24941)临时缓解措施:此漏洞在 NFSV2.0 或 NFSV3.0 中不可利用。在更新可抵御此漏洞的 Windows 版本之前,您可以通过禁用 NFSV4.1 来减轻攻击。这可能会对您的生态系统产生不利影响,只能用作临时缓解措施。除非您已安装 2022 年 5 月的 Windows 安全更新,否则不应应用此缓解措施。这些更新解决了CVE-2022-26937,这是 NFSV2.0 和 NFSV3.0 中的一个严重漏洞。





免责声明:文章内容不代表本站立场,本站不对其内容的真实性、完整性、准确性给予任何担保、暗示和承诺,仅供读者参考,文章版权归原作者所有。如本文内容影响到您的合法权益(内容、图片等),请及时联系本站,我们会及时删除处理。查看原文

为您推荐

漏洞预警 | 百易云资产管理运营系统SQL注入漏洞

漏洞预警 | 灵当CRM任意文件读取漏洞

漏洞预警 | 用友移动系统管理SQL注入漏洞

漏洞预警 | 灵当CRM任意文件读取漏洞

【漏洞预警】VMware vCenter Server 堆溢出漏洞(CVE-2024-38812)

【漏洞预警】Apache Solr高危漏洞曝光,速查你的系统是否中招!