¡¾Îó²îͨ¸æ¡¿Î¢Èí10Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2023-10-11


Ò»¡¢Îó²î¸ÅÊö

2023Äê10ÔÂ10ÈÕ£¬£¬£¬£¬£¬£¬Î¢ÈíÐû²¼ÁË10ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬£¬±¾´Î¸üй²ÐÞ¸´ÁË104¸öÎó²î£¨²»°üÀ¨Microsoft Edge-ChromiumÎó²î£©£¬£¬£¬£¬£¬£¬ÆäÖаüÀ¨3¸öÒѱ»Ê¹ÓõÄÎó²î¡¢45¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²îÒÔ¼°12¸öÆÀ¼¶ÎªÑÏÖصÄÎó²î¡£ ¡£ ¡£ ¡£¡£¡£

±¾´ÎÐÞ¸´µÄÎó²îÖУ¬£¬£¬£¬£¬£¬Îó²îÀàÐÍ°üÀ¨ÌØȨÌáÉýÎó²î¡¢Ô¶³Ì´úÂëÖ´ÐÐÎó²î¡¢ÐÅϢй¶Îó²î¡¢¾Ü¾øЧÀÍÎó²î¡¢Çå¾²¹¦Ð§ÈƹýÎó²îºÍÓÕÆ­Îó²îµÈ¡£ ¡£ ¡£ ¡£¡£¡£

΢Èí±¾´Î¹²ÐÞ¸´ÁË3¸öÒѱ»Ê¹ÓõÄÎó²î£º

CVE-2023-41763£ºSkype for Business ȨÏÞÌáÉýÎó²î

¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ5.3£¬£¬£¬£¬£¬£¬Ô¶³ÌÍþвÕß¿ÉÒÔ¶ÔÄ¿µÄ Skype for Business ЧÀÍÆ÷¾ÙÐÐÌØÖÆÍøÂçŲÓ㬣¬£¬£¬£¬£¬Õâ¿ÉÄܵ¼ÖÂÆÊÎöÏòí§ÒâµØµã·¢³öµÄ http ÇëÇ󣬣¬£¬£¬£¬£¬´Ó¶ø¿ÉÄܵ¼ÖÂIP µØµã»ò¶Ë¿ÚºÅµÈÃô¸ÐÐÅϢй¶£¬£¬£¬£¬£¬£¬ÍþвÕß¿ÉÄÜʹÓÃÕâЩÐÅÏ¢À´»á¼ûÄÚ²¿ÍøÂç¡£ ¡£ ¡£ ¡£¡£¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬£¬£¬£¬£¬£¬ÇÒÒÑ·¢Ã÷±»Ê¹Óᣠ¡£ ¡£ ¡£¡£¡£

CVE-2023-36563£ºMicrosoft WordPad ÐÅϢй¶Îó²î

¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ6.5£¬£¬£¬£¬£¬£¬ÍþвÕß¿ÉÒÔͨ¹ýµÇ¼ϵͳÔËÐÐÌØÖƵÄÓ¦ÓóÌÐò»òÕßÓÕµ¼ÍâµØÓû§·­¿ª¶ñÒâÎļþÀ´Ê¹ÓøÃÎó²î£¬£¬£¬£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼Ö NTLM ¹þϣֵй¶¡£ ¡£ ¡£ ¡£¡£¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬£¬£¬£¬£¬£¬ÇÒÒÑ·¢Ã÷±»Ê¹Óᣠ¡£ ¡£ ¡£¡£¡£

MITRE£ºCVE-2023-44487-HTTP/2 ¿ìËÙÖØÖù¥»÷

΢ÈíÒÑÐû²¼Õë¶ÔHTTP/2 µÄÂþÑÜʽ¾Ü¾øЧÀÍ (DDoS) ¹¥»÷£¨³ÆΪ¡°HTTP/2 Rapid Reset¡±£¬£¬£¬£¬£¬£¬×·×ÙΪCVE-2023-44487£©µÄ»º½â²½·¥£¬£¬£¬£¬£¬£¬¸Ã¹¥»÷ͨ¹ýÀÄÓà HTTP/2 µÄÇëÇó×÷·Ï¹¦Ð§£¬£¬£¬£¬£¬£¬¿ÉÄܵ¼ÖÂЧÀÍÆ÷×ÊÔ´ºÄ¾¡£¬£¬£¬£¬£¬£¬Ôì³É¾Ü¾øЧÀÍ¡£ ¡£ ¡£ ¡£¡£¡£¸ÃÎó²î×Ô8ÔÂÒÔÀ´Òѱ»ÆÕ±éʹÓᣠ¡£ ¡£ ¡£¡£¡£

΢Èí±¾´Î¸üÐÂÐÞ¸´µÄ12¸öÆÀ¼¶Îª¡°ÑÏÖØ¡±µÄÎó²î°üÀ¨£º

9¸öΪµÚ2²ãËíµÀЭÒéÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2023-41770¡¢CVE-2023-41765¡¢CVE-2023-41767¡¢CVE-2023-38166¡¢CVE-2023-41774¡¢CVE-2023-41773¡¢CVE-2023-41771¡¢CVE-2023-41769ºÍCVE-2023-41768£©£¬£¬£¬£¬£¬£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔÏò·ÓɺÍÔ¶³Ì»á¼ûЧÀÍ (RRAS) ЧÀÍÆ÷·¢ËÍÌØÖƵÄЭÒéÐÂÎÅ£¬£¬£¬£¬£¬£¬¿ÉÄܵ¼Ö RAS ЧÀÍÆ÷ÅÌËã»úÉϵÄÔ¶³Ì´úÂëÖ´ÐУ¨RCE£©£¬£¬£¬£¬£¬£¬µ«Ê¹ÓÃÕâЩÎó²î¿ÉÄÜÐèÒªÓ®µÃ¾ºÕùÌõ¼þ¡£ ¡£ ¡£ ¡£¡£¡£

2¸öΪMicrosoftÐÂÎÅÐÐÁÐÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2023-35349ºÍCVE-2023-36697£©£¬£¬£¬£¬£¬£¬ÀÖ³ÉʹÓÃCVE-2023-35349¿ÉÄܵ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄÍþвÕßÔÚÄ¿µÄЧÀÍÆ÷ÉÏÔ¶³ÌÖ´ÐдúÂë¡£ ¡£ ¡£ ¡£¡£¡£ÀÖ³ÉʹÓÃCVE-2023-36697¿ÉÄܵ¼Ö¾­ÓÉÉí·ÝÑéÖ¤µÄÓòÓû§ÔÚÄ¿µÄЧÀÍÆ÷ÉÏÔ¶³ÌÖ´ÐдúÂ룬£¬£¬£¬£¬£¬µ«ÍþвÕßÐèÒªÓÕµ¼Ä¿µÄÅÌËã»úÉϵÄÓû§ÅþÁ¬µ½¶ñÒâЧÀÍÆ÷£¬£¬£¬£¬£¬£¬»òÕßÆÆËðÕýµ±µÄMSMQЧÀÍÆ÷Ö÷»ú£¬£¬£¬£¬£¬£¬Ê¹Æä×÷Ϊ¶ñÒâЧÀÍÆ÷ÔËÐС£ ¡£ ¡£ ¡£¡£¡£Windows ÐÂÎÅÐÐÁÐЧÀÍÊÇ Windows ×é¼þ£¬£¬£¬£¬£¬£¬¿ÉÒÔͨ¹ý¼ì²éÊÇ·ñÖøÃûΪMessage QueuingµÄЧÀÍÔÚÔËÐУ¬£¬£¬£¬£¬£¬ÒÔ¼°ÅÌËã»úÉÏÊÇ·ñÕìÌýTCP ¶Ë¿Ú1801¡£ ¡£ ¡£ ¡£¡£¡£

ÒÔ¼°MicrosoftÐéÄâ¿ÉÐÅƽ̨Ä£¿£¿£¿£¿£¿é£¨TPM£©Ô¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2023-36718£©£¬£¬£¬£¬£¬£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄܵ¼ÖÂí§Òâ´úÂëÖ´ÐУ¬£¬£¬£¬£¬£¬µ«ÍþвÕß±ØÐèͨ¹ýguestģʽÓû§µÄÉí·ÝÑéÖ¤²Å»ªÌÓÀëÐéÄâ»ú¡£ ¡£ ¡£ ¡£¡£¡£

΢Èí10Ô¸üÐÂÉæ¼°µÄÍêÕûÎó²îÁбíÈçÏ£º

CVE ID

CVE ÎÊÌâ

ÑÏÖØÐÔ

CVE-2023-41770

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41765

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41767

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-38166

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41774

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41773

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41771

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41769

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-41768

Layer 2 Tunneling Protocol Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-35349

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-36697

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-36718

Microsoft Virtual Trusted Platform   Module Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2023-36722

Active DirectoryÓòЧÀÍÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36737

Azure Network Watcher VM Agent ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36419

Azure HDInsight Apache Oozie ÊÂÇéÁ÷µ÷Àí³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36561

Azure DevOps ЧÀÍÆ÷ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36418

Azure RTOS GUIX Studio Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36414

Azure Identity SDK Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36415

Azure Identity SDK Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-41766

Windows ¿Í»§¶ËЧÀÍÆ÷ÔËÐÐʱ×Óϵͳ (CSRSS) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-44487

MITRE£ºCVE-2023-44487 HTTP/2 ¿ìËÙÖØÖù¥»÷

¸ßΣ

CVE-2023-36566

Microsoft ͨÓÃÊý¾ÝÄ£×Ó SDK ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36429

Microsoft Dynamics 365£¨On-Premises£©ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36416

Microsoft Dynamics 365£¨On-Premises£©¿çÕ¾¾ç±¾Îó²î

¸ßΣ

CVE-2023-36433

Microsoft Dynamics 365£¨On-Premises£©ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36778

Microsoft Exchange Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36594

Windows Graphics Component ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-38159

Windows Graphics Component ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36565

Microsoft Office Graphics ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36569

Microsoft Office ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36568

Microsoft Office Click-To-Run ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-38171

Microsoft QUIC ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36435

Microsoft QUIC ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36577

Microsoft WDAC OLE DB provider for   SQL Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36710

Windows Media Foundation Core Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36564

Windows Search Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-36563

Microsoft WordPad ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36786

Skype for Business Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36780

Skype for Business Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36789

Skype for Business Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-41763

Skype for Business ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36728

Microsoft SQL Server ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36417

Microsoft SQL ODBC Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36785

Microsoft ODBC Driver for SQL Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36598

Microsoft WDAC ODBC Çý¶¯³ÌÐòÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36730

Microsoft ODBC Driver for SQL Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36420

Microsoft ODBC Driver for SQL Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36585

Active Template Library ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36709

Microsoft AllJoyn API ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36902

Windows Runtime Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36713

Windows Common Log File System Driver   ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36723

Windows Container Manager Service ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36707

Windows Deployment ЧÀ;ܾøЧÀÍÎó²î

¸ßΣ

CVE-2023-36567

Windows Deployment ЧÀÍÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36706

Windows Deployment ЧÀÍÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36703

DHCP Server Service ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36721

Windows ¹ýʧ±¨¸æЧÀÍÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36436

Windows MSHTMLƽ̨Զ³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36557

PrintHTML API Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36434

Windows IIS ЧÀÍÆ÷ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36726

Windows Internet ÃÜÔ¿½»Á÷ (IKE) À©Õ¹ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36576

Windows ÄÚºËÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36712

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36698

Windows ÄÚºËÇå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-36584

Windows Mark of the Web Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2023-36571

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36570

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36431

Microsoft Message Queuing ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36591

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36590

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36589

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36583

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36592

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36606

Microsoft Message Queuing ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36593

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36582

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36574

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36575

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36573

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36572

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36581

Microsoft Message Queuing ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36579

Microsoft Message Queuing ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36578

Microsoft Message Queuing Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36702

Microsoft DirectMusic Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36720

Windows Mixed Reality Developer Tools   ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36729

Named Pipe File System ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36605

Windows Named Pipe Filesystem ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36725

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36724

Windows µçÔ´ÖÎÀíЧÀÍÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36790

Windows RDP Encoder Mirror Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-29348

Windows Remote Desktop Gateway (RD   Gateway)ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36596

Remote Procedure Call ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36701

Microsoft µ¯ÐÔÎļþϵͳ (ReFS) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36711

Windows Runtime C++ Template Library ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36704

Windows Setup Files Cleanup Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2023-36438

Windows TCP/IP ÐÅϢй¶Îó²î

¸ßΣ

CVE-2023-36603

Windows TCP/IP ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36602

Windows TCP/IP ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36717

Windows Virtual Trusted Platform   Module ¾Ü¾øЧÀÍÎó²î

¸ßΣ

CVE-2023-36731

Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36732

Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36776

Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-36743

Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-41772

Win32k ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2023-5346

Chromium£ºCVE-2023-5346 V8 ÖеÄÀàÐÍ»ìÏý

δ֪

 

¶þ¡¢Ó°Ïì¹æÄ£

ÊÜÓ°ÏìµÄ²úÆ·/¹¦Ð§/ЧÀÍ/×é¼þ°üÀ¨£º

Windows RDP

Windows Message Queuing

Azure SDK

Microsoft Dynamics

SQL Server

Azure Real Time Operating System

Azure

Windows IIS

Microsoft QUIC

Windows HTML Platform

Windows TCP/IP

Azure DevOps

Microsoft WordPad

Microsoft Windows Search Component

Microsoft Office

Microsoft Common Data Model SDK

Windows Deployment Services

Windows Kernel

Microsoft WDAC OLE DB provider for SQL

Windows Mark of the Web (MOTW)

Windows Active Template Library

Microsoft Graphics Component

Windows Remote Procedure Call

Windows Named Pipe File System

Windows Resilient File System (ReFS)

Windows Microsoft DirectMusic

Windows DHCP Server

Windows Setup Files Cleanup

Windows AllJoyn API

Microsoft Windows Media Foundation

Windows Runtime C++ Template Library

Windows Common Log File System Driver

Windows TPM

Windows Virtual Trusted Platform Module

Windows Mixed Reality Developer Tools

Windows Error Reporting

Active Directory Domain Services

Windows Container Manager Service

Windows Power Management Service

Windows NT OS Kernel

Windows IKE Extension

Windows Win32K

Microsoft Exchange Server

Skype for Business

Windows Client/Server Runtime Subsystem

Windows Layer 2 Tunneling Protocol

Client Server Run-time Subsystem (CSRSS)

 

Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

ÏÖÔÚ΢ÈíÒÑÐû²¼Ïà¹ØÇå¾²¸üУ¬£¬£¬£¬£¬£¬½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÐÞ¸´¡£ ¡£ ¡£ ¡£¡£¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬣¬£¬£¬£¬£¬µ±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬£¬£¬£¬£¬£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öᣠ¡£ ¡£ ¡£¡£¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔÏ°취ÊÖ¶¯¾ÙÐиüУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬£¬£¬£¬£¬£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬£¬£¬£¬£¬£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬£¬£¬£¬£¬£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬£¬£¬£¬£¬£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£ ¡£ ¡£ ¡£¡£¡£

4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬£¬£¬£¬£¬£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üС£ ¡£ ¡£ ¡£¡£¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬£¬£¬£¬£¬£¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬£¬£¬£¬£¬£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬£¬£¬£¬£¬£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öᣠ¡£ ¡£ ¡£¡£¡£

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüС£ ¡£ ¡£ ¡£¡£¡£

2023Äê10ÔÂÇå¾²¸üÐÂÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/releaseNote/2023-oct

²¹¶¡ÏÂÔØʾÀý£º

1.·­¿ªÉÏÊöÏÂÔØÁ´½Ó£¬£¬£¬£¬£¬£¬µã»÷Îó²îÁбíÖÐÒªÐÞ¸´µÄCVEÁ´½Ó¡£ ¡£ ¡£ ¡£¡£¡£

image.png

Àý1£ºÎ¢ÈíÎó²îÁÐÌåÏÖÀý£¨2022Äê2Ô£©

2.ÔÚ΢Èíͨ¸æÒ³Ãæµ×²¿×ó²à¡¾²úÆ·¡¿Ñ¡ÔñÏìÓ¦µÄϵͳÀàÐÍ£¬£¬£¬£¬£¬£¬µã»÷ÓҲࡾÏÂÔØ¡¿´¦·­¿ª²¹¶¡ÏÂÔØÁ´½Ó¡£ ¡£ ¡£ ¡£¡£¡£

image.png

Àý2£ºCVE-2022-21989²¹¶¡ÏÂÔØʾÀý

3.µã»÷¡¾Çå¾²¸üС¿£¬£¬£¬£¬£¬£¬·­¿ª²¹¶¡ÏÂÔØÒ³Ã棬£¬£¬£¬£¬£¬ÏÂÔØÏìÓ¦²¹¶¡²¢¾ÙÐÐ×°Öᣠ¡£ ¡£ ¡£¡£¡£

image.png

Àý3£º²¹¶¡ÏÂÔؽçÃæ

4.×°ÖÃÍê³ÉºóÖØÆôÅÌËã»ú¡£ ¡£ ¡£ ¡£¡£¡£

3.2 ÔÝʱ²½·¥

¹ØÓÚHTTP/2 ¿ìËÙÖØÖù¥»÷£¨CVE-2023-44487£©Îó²î£¬£¬£¬£¬£¬£¬Î¢ÈíµÄ»º½â²½·¥¿É²Î¿¼£º

https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/

Cloudflare¡¢Google¡¢AWS¡¢NGINXµÈÕë¶Ô¸ÃÎó²îµÄ»º½âºÍÏìÓ¦¿É²Î¿¼£º

https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£ ¡£ ¡£ ¡£¡£¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£ ¡£ ¡£ ¡£¡£¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£ ¡£ ¡£ ¡£¡£¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£ ¡£ ¡£ ¡£¡£¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£ ¡£ ¡£ ¡£¡£¡£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/releaseNote/2023-oct

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2023-patch-tuesday-fixes-3-zero-days-104-flaws/

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-10-11

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¼øºÚµ£±£Íø¼ò½é

¼øºÚµ£±£Íø½¨ÉèÓÚ1996Ä꣬£¬£¬£¬£¬£¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£ ¡£ ¡£ ¡£¡£¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Ç徲ЧÀͽâ¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£ ¡£ ¡£ ¡£¡£¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¼øºÚµ£±£Íø´óÏ㬣¬£¬£¬£¬£¬¹«Ë¾Ô±¹¤6000ÓàÈË£¬£¬£¬£¬£¬£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕЧÀÍÍŶÓ1300ÓàÈË¡£ ¡£ ¡£ ¡£¡£¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬£¬£¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£ ¡£ ¡£ ¡£¡£¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС£ ¡£ ¡£ ¡£¡£¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬£¬£¬£¬£¬£¬¼øºÚµ£±£ÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ùЧÀÍ£¬£¬£¬£¬£¬£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬£¬£¬£¬£¬£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£ ¡£ ¡£ ¡£¡£¡£

5.2 ¹ØÓÚ¼øºÚµ£±£Íø

¼øºÚµ£±£ÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬£¬£¬£¬£¬£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬£¬£¬£¬£¬£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£ ¡£ ¡£ ¡£¡£¡£

¹Ø×¢ÎÒÃÇ£º

image.png