¡¾Îó²îͨ¸æ¡¿Î¢Èí7Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2023-07-12

Ò»¡¢Îó²î¸ÅÊö

2023Äê7ÔÂ11ÈÕ£¬£¬£¬£¬£¬Î¢ÈíÐû²¼ÁË7ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬±¾´Î¸üй²ÐÞ¸´ÁË132¸öÎó²î£¬£¬£¬£¬£¬ÆäÖаüÀ¨6¸öÒѱ»Ê¹ÓõÄÎó²î¡¢37¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¬£¬£¬£¬£¬ÒÔ¼°9¸öÆÀ¼¶ÎªÑÏÖصÄÎó²î¡£¡£¡£¡£¡£¡£¡£

±¾´ÎÐÞ¸´µÄÎó²îÖУ¬£¬£¬£¬£¬Îó²îÀàÐÍ°üÀ¨ÌØȨÌáÉýÎó²î¡¢Ô¶³Ì´úÂëÖ´ÐÐÎó²î¡¢ÐÅϢй¶Îó²î¡¢¾Ü¾øЧÀÍÎó²î¡¢Çå¾²¹¦Ð§ÈƹýÎó²îºÍÓÕÆ­Îó²îµÈ¡£¡£¡£¡£¡£¡£¡£

΢Èí±¾´Î¹²ÐÞ¸´ÁË6¸öÒѱ»Ê¹ÓõÄÎó²î£¬£¬£¬£¬£¬ÆäÖÐCVE-2023-36884Òѱ»¹ûÕæÅû¶£¬£¬£¬£¬£¬ÏêÇéÈçÏ£º

CVE-2023-32046£ºWindows MSHTML PlatformȨÏÞÌáÉýÎó²î

¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ7.8£¬£¬£¬£¬£¬Ê¹ÓøÃÎó²îÐèÒªÓû§½»»¥£¬£¬£¬£¬£¬¿ÉÒÔͨ¹ýµç×ÓÓʼþ»ò¶ñÒâÍøÕ¾·­¿ªÌØÖÆÎļþÀ´Ê¹ÓøÃÎó²î£¬£¬£¬£¬£¬ÀÖ³ÉʹÓÿɻñµÃÔËÐÐÊÜÓ°ÏìÓ¦ÓóÌÐòµÄÓû§µÄȨÏÞ¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ¸ÃÎó²îÒÑ·¢Ã÷±»Ê¹Óᣡ£¡£¡£¡£¡£¡£

CVE-2023-32049£ºWindows SmartScreenÇå¾²¹¦Ð§ÈƹýÎó²î

¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬£¬£¬£¬£¬Ê¹ÓøÃÎó²îÐèÒªÓû§½»»¥£¬£¬£¬£¬£¬¿ÉÒÔͨ¹ýÓÕµ¼Óû§µ¥»÷ÌØÖÆURLÀ´Ö´Ðй¥»÷£¬£¬£¬£¬£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÈƹý¡°·­¿ªÎļþ-Çå¾²ÖÒÑÔ¡±ÌáÐÑ¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ¸ÃÎó²îÒÑ·¢Ã÷±»Ê¹Óᣡ£¡£¡£¡£¡£¡£

CVE-2023-36874£ºWindows Error Reporting ServiceÌØȨÌáÉýÎó²î

¸ÃÎó²î±£´æÓÚWindows ¹ýʧ±¨¸æЧÀÍÖУ¬£¬£¬£¬£¬ÆäCVSSv3ÆÀ·ÖΪ7.8£¬£¬£¬£¬£¬¶ÔÄ¿µÄÅÌËã»ú¾ßÓÐÍâµØ»á¼ûȨÏÞÇÒÄܹ»ÔÚÅÌËã»úÉϽ¨ÉèÎļþ¼ÐºÍÐÔÄܸú×Ù£¬£¬£¬£¬£¬²¢¾ßÓÐͨË×Óû§Ä¬ÈÏȨÏÞµÄÍþвÕß¿ÉʹÓøÃÎó²î»ñµÃÖÎÀíԱȨÏÞ¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ¸ÃÎó²îÒÑ·¢Ã÷±»Ê¹Óᣡ£¡£¡£¡£¡£¡£

CVE-2023-36884 £ºOffice ºÍ Windows HTML Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ÃÎó²îÓ°ÏìÁ˶à¸öWindowsºÍOffice²úÆ·£¬£¬£¬£¬£¬ÆäCVSSv3ÆÀ·ÖΪ8.3£¬£¬£¬£¬£¬ÍþвÕß¿ÉÒÔ½¨ÉèÌØÖÆµÄ Microsoft OfficeÎĵµ²¢ÓÕµ¼Êܺ¦Õß·­¿ª¶ñÒâÎļþ£¬£¬£¬£¬£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÔÚÊܺ¦ÕßµÄÉÏÏÂÎÄÖÐÔ¶³ÌÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£¡£¸ÃÎó²îÒѾ­¹ûÕæÅû¶ÇÒÒÑ·¢Ã÷±»Ê¹Ó㬣¬£¬£¬£¬ÏÖÔÚ΢ÈíÔÝδÐû²¼¸ÃÎó²îµÄÇå¾²¸üУ¬£¬£¬£¬£¬µ«ÒÑÐû²¼Á˸ÃÎó²îµÄ»º½â²½·¥¡£¡£¡£¡£¡£¡£¡£

CVE-2023-35311 £ºMicrosoft Outlook Çå¾²¹¦Ð§ÈƹýÎó²î

¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ8.8£¬£¬£¬£¬£¬Ê¹ÓøÃÎó²îÐèÒªÓû§½»»¥£¬£¬£¬£¬£¬¿ÉÒÔͨ¹ýÓÕµ¼Óû§µ¥»÷ÌØÖÆURLÀ´Ö´Ðй¥»÷£¬£¬£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÒÔÈƹý Microsoft Outlook Ç徲֪ͨÌáÐÑ¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ¸ÃÎó²îÒÑ·¢Ã÷±»Ê¹Óᣡ£¡£¡£¡£¡£¡£

ADV230001£º¹ØÓÚ¶ñÒâʹÓà Microsoft ÊðÃûÇý¶¯³ÌÐòµÄÖ¸ÄÏ

΢Èí×î½ü»ñϤ£¬£¬£¬£¬£¬¾­Î¢ÈíWindows Ó²¼þ¿ª·¢Ö°Ô±ÍýÏ루MWHDP£©ÈÏÖ¤µÄÇý¶¯³ÌÐòÔÚºóʹÓûÖỶñÒâʹÓᣡ£¡£¡£¡£¡£¡£ÔÚÕâЩ¹¥»÷ÖУ¬£¬£¬£¬£¬¹¥»÷ÕßÔÚʹÓÃÇý¶¯³ÌÐò֮ǰ¾ÍÒѾ­»ñµÃÁËÊÜѬȾϵͳµÄÖÎÀíȨÏÞ£¬£¬£¬£¬£¬ÊÓ²ìÏÔʾ£¬£¬£¬£¬£¬Î¢ÈíÏàÖúͬ°éÖÐÐÄ (MPC) µÄ¶à¸ö¿ª·¢ÕßÕÊ»§ÕýÔÚÌá½»¶ñÒâÇý¶¯³ÌÐòÒÔ»ñȡ΢ÈíÊðÃû£¬£¬£¬£¬£¬ÏÖÔÚ΢ÈíÒѾ­µõÏú/½ûÓÃÁËÀÄÓà Windows Õ½ÂÔÎó²î×°ÖöñÒâÄÚºËģʽÇý¶¯³ÌÐòµÄ´úÂëÊðÃûÖ¤ÊéºÍ¿ª·¢Ö°Ô±ÕÊ»§¡£¡£¡£¡£¡£¡£¡£

΢Èí7Ô¸üÐÂÉæ¼°µÄÍêÕûÎó²îÁбíÈçÏ£º

CVE-ID

CVEÎÊÌâ

ÑÏÖØÐÔ

CVE-2023-33160

Microsoft   SharePoint Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-33157

Microsoft   SharePointÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-35315

Windows   Layer-2 Bridge Network Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-32057

Microsoft ÐÂÎÅÐÐÁÐÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-35297

Windows   Pragmatic ͨÓÃ×é²¥ (PGM) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-35352

Windows Ô¶³Ì×ÀÃæÇå¾²¹¦Ð§ÈƹýÎó²î

ÑÏÖØ

CVE-2023-35367

Windows ·ÓɺÍÔ¶³Ì»á¼ûЧÀÍ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-35366

Windows ·ÓɺÍÔ¶³Ì»á¼ûЧÀÍ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-35365

Windows ·ÓɺÍÔ¶³Ì»á¼ûЧÀÍ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-33127

.NET ºÍ Visual Studio ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-33170

ASP.NET ºÍ Visual Studio Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-36871

Azure   Active Directory Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-35348

Active   Directory ÁªºÏÉí·ÝÑé֤ЧÀÍÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-33171

Microsoft   Dynamics 365£¨on-premises£©¿çÕ¾¾ç±¾Îó²î

¸ßΣ

CVE-2023-35335

Microsoft   Dynamics 365£¨on-premises£©¿çÕ¾¾ç±¾Îó²î

¸ßΣ

CVE-2023-33149

Microsoft   Office Graphics Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-21756

Windows   Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35333

MediaWiki   PandocUpload À©Õ¹Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33148

Microsoft   Office ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-36884

Office ºÍ Windows HTML Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33150

Microsoft   Office Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-33152

Microsoft   ActiveX Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33158

Microsoft   Excel Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33161

Microsoft   Excel Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33162

Microsoft   Excel ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-33151

Microsoft   Outlook ÓÕÆ­Îó²î

¸ßΣ

CVE-2023-33153

Microsoft   Outlook Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35311

Microsoft   Outlook Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-33134

Microsoft   SharePoint Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33165

Microsoft   SharePoint Server Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-33159

Microsoft   SharePoint Server ÓÕÆ­Îó²î

¸ßΣ

CVE-2023-32052

Microsoft   Power Apps ÓÕÆ­Îó²î

¸ßΣ

CVE-2023-32085

Microsoft   PostScript and PCL6 Class Printer Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35302

Microsoft   PostScript and PCL6 Class Printer Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35296

Microsoft   PostScript and PCL6 Class Printer Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35324

Microsoft   PostScript and PCL6 Class Printer Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-32040

Microsoft   PostScript and PCL6 Class Printer Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35306

Microsoft   PostScript and PCL6 Class Printer Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-32039

Microsoft   PostScript and PCL6 Class Printer Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35303

USB Audio   Class System Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36872

VP9 Video   Extensions ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-32051

Raw Image   Extension Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35373

Mono   Authenticode ÑéÖ¤ÓÕÆ­Îó²î

¸ßΣ

CVE-2023-35374

Paint 3D Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-32047

Paint 3D Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35310

Windows   DNS Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35346

Windows   DNS Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35345

Windows   DNS Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35344

Windows   DNS Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36868

Azure   Service Fabric on Windows ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36867

Visual   Studio Code GitHub Pull Requests and Issues Extension Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35351

Windows   Active Directory Ö¤ÊéЧÀÍ (AD CS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35350

Windows   Active Directory Ö¤ÊéЧÀÍ (AD CS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-32055

Active   Template Library ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-29347

Windows   Admin Center ÓÕÆ­Îó²î

¸ßΣ

CVE-2023-35347

Microsoft ×°ÖÃЧÀÍȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-35329

Windows Éí·ÝÑéÖ¤¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35326

Windows   CDPÓû§×é¼þÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35362

Windows   Clip ЧÀÍÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-33155

Windows   Cloud Files Mini Filter Driver ÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32033

Microsoft   Failover Cluster Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35340

Windows   CNG ÃÜÔ¿¸ôÀëЧÀÍÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35299

Windows ͨÓÃÈÕÖ¾ÎļþϵͳÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35320

Connected   User Experiences and Telemetry ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35353

Connected   User Experiences and Telemetry ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35339

Windows   CryptoAPI ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33174

Windows ¼ÓÃÜÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-33156

Microsoft   Defender ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-35322

Windows °²ÅÅЧÀÍÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35321

Windows °²ÅÅЧÀ;ܾøЧÀÍÎó²î

¸ßΣ

ADV230002

Microsoft ½â¾öÇ÷ÊƿƼ¼ EFI Ä£¿£¿£¿éÖеÄÇå¾²¹¦Ð§ÈƹýÎÊÌâµÄÖ¸ÄÏ

¸ßΣ

CVE-2023-36874

Windows ¹ýʧ±¨¸æЧÀÍÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32083

Microsoft   Failover Cluster ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35343

Windows µØÀí¶¨Î»Ð§ÀÍÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-32084

HTTP.sys ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35298

HTTP.sys ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35342

Windows   Image Acquisition ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-32053

Windows   Installer ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-32050

Windows   Installer ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-35304

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35363

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35305

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35356

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35357

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35358

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32037

Windows   Layer-2 Bridge Network Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35331

Windows   Local Security Authority (LSA) ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35341

Microsoft   DirectMusic ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35309

Microsoft ÐÂÎÅÐÐÁÐÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-32045

Microsoft ÐÂÎÅÐÐÁоܾøЧÀÍÎó²î

¸ßΣ

CVE-2023-32044

Microsoft ÐÂÎÅÐÐÁоܾøЧÀÍÎó²î

¸ßΣ

CVE-2023-32046

Windows   MSHTML ƽ̨ȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-35336

Windows   MSHTML ƽ̨Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-35308

Windows   MSHTML ƽ̨Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-21526

Windows   Netlogon ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-33163

Windows ÍøÂ縺ÔØƽºâÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35361

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35364

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35360

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32038

Microsoft   ODBC Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-32042

OLE×Ô¶¯»¯ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35323

Windows OLEÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-35313

Windows ÔÚÏßÖ¤Êé״̬ЭÒé (OCSP) SnapIn Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33154

Windows ·ÖÇøÖÎÀíÇý¶¯³ÌÐòȨÏÞÌáÉýÎó²î

¸ßΣ

CVE-2023-35338

Windows ¶ÔµÈÃû³ÆÆÊÎöЭÒé¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35325

Windows ´òÓ¡ºǫ́´¦Öóͷ£³ÌÐòÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-32043

Windows Ô¶³Ì×ÀÃæÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-35332

Windows Ô¶³Ì×ÀÃæЭÒéÇå¾²¹¦Ð§Èƹý

¸ßΣ

CVE-2023-35300

Remote   Procedure Call Runtime Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-33168

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33173

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33172

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-32035

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33166

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-32034

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33167

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33169

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35318

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-33164

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35319

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35316

Remote   Procedure Call Runtime ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35314

Remote   Procedure Call Runtime ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35317

Windows   Server Update Service (WSUS) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32056

Windows   Server Update Service (WSUS) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32049

Windows   SmartScreenÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-35330

Windows À©Õ¹Ð­Éܾ̾øЧÀÍÎó²î

¸ßΣ

CVE-2023-35328

Windows ÊÂÎñÖÎÀíÆ÷ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32041

Windows   Update OrchestratorЧÀÍÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-35312

Microsoft   VOLSNAP.SYS ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-32054

Volume   Shadow Copy ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-35337

Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

ADV230001

¹ØÓÚ¶ñÒâʹÓà Microsoft ÊðÃûÇý¶¯³ÌÐòµÄÖ¸ÄÏ

ÎÞ

  

¶þ¡¢Ó°Ïì¹æÄ£

ÊÜÓ°ÏìµÄ²úÆ·/¹¦Ð§/ЧÀÍ/×é¼þ°üÀ¨£º

Windows Certificates

Windows EFI Partition

Windows Netlogon

Microsoft Graphics Component

Windows Admin Center

Windows Cluster Server

Windows Remote Procedure Call

Windows Layer 2 Tunneling Protocol

Windows ODBC Driver

Microsoft Printer Drivers

Windows Update Orchestrator Service

Windows OLE

Windows Remote Desktop

Windows Message Queuing

Windows MSHTML Platform

Paint 3D

Windows SmartScreen

Windows Installer

Microsoft Windows Codecs Library

Microsoft Power Apps

Windows Volume Shadow Copy

Windows Active Template Library

Windows Server Update Service

Windows Failover Cluster

Windows HTTP.sys

.NET and Visual Studio

Microsoft Office SharePoint

Microsoft Office

Microsoft Office Outlook

Microsoft Office Access

Windows Partition Management Driver

Windows Cloud Files Mini Filter Driver

Windows Defender

Microsoft Office Excel

Windows Network Load Balancing

ASP.NET and .NET

Microsoft Dynamics

Windows Cryptographic Services

Windows PGM

Windows Common Log File System Driver

Windows Kernel

Role: DNS Server

Windows VOLSNAP.SYS

Windows Online Certificate Status Protocol (OCSP) SnapIn

Windows Layer-2 Bridge Network Driver

Windows Connected User Experiences and Telemetry

Windows Deployment Services

Windows Print Spooler Components

Windows CDP User Components

Windows Transaction Manager

Windows Authentication Methods

Windows SPNEGO Extended Negotiation

Windows Local Security Authority (LSA)

Microsoft Media-Wiki Extensions

Windows Win32K

Windows Peer Name Resolution Protocol

Windows CryptoAPI

Windows CNG Key Isolation Service

Windows Media

Windows Image Acquisition

Windows Geolocation Service

Windows App Store

Azure Active Directory

Windows Active Directory Certificate Services

Windows NT OS Kernel

Windows Clip Service

Windows Routing and Remote Access Service (RRAS)

Mono Authenticode

Visual Studio Code

Service Fabric

Windows Error Reporting


Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

ÏÖÔÚ΢ÈíÒÑÐû²¼Ïà¹ØÇå¾²¸üУ¬£¬£¬£¬£¬½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÐÞ¸´¡£¡£¡£¡£¡£¡£¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬣¬£¬£¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬£¬£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öᣡ£¡£¡£¡£¡£¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔÏ°취ÊÖ¶¯¾ÙÐиüУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬£¬£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬£¬£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬£¬£¬£¬£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£¡£¡£¡£¡£¡£¡£

4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬£¬£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üС£¡£¡£¡£¡£¡£¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬£¬£¬£¬£¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬£¬£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬£¬£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öᣡ£¡£¡£¡£¡£¡£

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüС£¡£¡£¡£¡£¡£¡£

2023Äê7ÔÂÇå¾²¸üÐÂÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

²¹¶¡ÏÂÔØʾÀý£º

1.·­¿ªÉÏÊöÏÂÔØÁ´½Ó£¬£¬£¬£¬£¬µã»÷Îó²îÁбíÖÐÒªÐÞ¸´µÄCVEÁ´½Ó¡£¡£¡£¡£¡£¡£¡£

image.png

Àý1£ºÎ¢ÈíÎó²îÁÐÌåÏÖÀý£¨2022Äê2Ô£©

2.ÔÚ΢Èíͨ¸æÒ³Ãæµ×²¿×ó²à¡¾²úÆ·¡¿Ñ¡ÔñÏìÓ¦µÄϵͳÀàÐÍ£¬£¬£¬£¬£¬µã»÷ÓҲࡾÏÂÔØ¡¿´¦·­¿ª²¹¶¡ÏÂÔØÁ´½Ó¡£¡£¡£¡£¡£¡£¡£

image.png

Àý2£ºCVE-2022-21989²¹¶¡ÏÂÔØʾÀý

3.µã»÷¡¾Çå¾²¸üС¿£¬£¬£¬£¬£¬·­¿ª²¹¶¡ÏÂÔØÒ³Ã棬£¬£¬£¬£¬ÏÂÔØÏìÓ¦²¹¶¡²¢¾ÙÐÐ×°Öᣡ£¡£¡£¡£¡£¡£

image.png

Àý3£º²¹¶¡ÏÂÔؽçÃæ

4.×°ÖÃÍê³ÉºóÖØÆôÅÌËã»ú¡£¡£¡£¡£¡£¡£¡£

 

3.2 ÔÝʱ²½·¥

Õë¶ÔCVE-2023-36884£¬£¬£¬£¬£¬Î¢ÈíÒѾ­Ðû²¼ÁËÏà¹Ø»º½â²½·¥£¬£¬£¬£¬£¬¿É²Î¿¼£º

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884

https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

¹ØÓÚ¶ñÒâʹÓà Microsoft ÊðÃûÇý¶¯³ÌÐòµÄÖ¸ÄÏ£¬£¬£¬£¬£¬¸ü¶àÐÅÏ¢¿É²Î¿¼£º

https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV230001

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£¡£¡£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£¡£¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£¡£¡£¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£¡£¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£¡£¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£¡£¡£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/

https://www.bleepingcomputer.com/news/security/microsoft-unpatched-office-zero-day-exploited-in-nato-summit-attacks/

  

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-07-12

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£¡£¡£¡£¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£¡£¡£¡£¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¼øºÚµ£±£Íø´óÏ㬣¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË¡£¡£¡£¡£¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£¡£¡£¡£¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС£¡£¡£¡£¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬£¬£¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£¡£¡£¡£¡£¡£¡£

5.2 ¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£¡£¡£¡£¡£¡£¡£

¹Ø×¢ÎÒÃÇ£º

image.png