【漏洞通报】CNNVD关于微软多个安全漏洞的通报
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞174个,影响到微软产品的其他厂商漏洞21个。包括Microsoft Message Queuing 安全漏洞(CNNVD-202310-723、CVE-2023-35349)、Microsoft Windows IIS 安全漏洞(CNNVD-202310-801、CVE-2023-36434)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2023年10月10日,微软发布了2023年10月份安全更新,共195个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Client/Server Runtime Subsystem、Microsoft Windows HTML Platform、Microsoft Windows Error Reporting、Microsoft Windows Power Management Service、Microsoft Common Data Model SDK等。CNNVD对其危害等级进行了评价,其中超危漏洞7个,高危漏洞139个,中危漏洞48个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共包括103个新增漏洞的补丁程序,其中超危漏洞2个,高危漏洞81个,中危漏洞19个,低危漏洞1个。
1. 序号 2. 漏洞名称 3. CNNVD编号 4. CVE编号 5. 危害等级 6. 官方链接
7. 1 8. Microsoft Message Queuing 安全漏洞 9. CNNVD-202310-723 10. CVE-2023-35349 11. 超危 12. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349
13. 2 14. Microsoft Windows IIS 安全漏洞 15. CNNVD-202310-801 16. CVE-2023-36434 17. 超危 18. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434
19. 3 20. Microsoft Azure SDK 安全漏洞 21. CNNVD-202310-788 22. CVE-2023-36414 23. 高危 24. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414
25. 4 26. Microsoft Azure SDK 安全漏洞 27. CNNVD-202310-791 28. CVE-2023-36415 29. 高危 30. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415
31. 5 32. Microsoft ODBC Driver 安全漏洞 33. CNNVD-202310-795 34. CVE-2023-36417 35. 高危 36. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417
37. 6 38. Microsoft Azure Real Time Operating System 安全漏洞 39. CNNVD-202310-796 40. CVE-2023-36418 41. 高危 42. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36418
43. 7 44. Microsoft Azure 安全漏洞 45. CNNVD-202310-794 46. CVE-2023-36419 47. 高危 48. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36419
49. 8 50. Microsoft ODBC Driver 安全漏洞 51. CNNVD-202310-799 52. CVE-2023-36420 53. 高危 54. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420
55. 9 56. Microsoft Message Queuing 安全漏洞 57. CNNVD-202310-802 58. CVE-2023-36431 59. 高危 60. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431
61. 10 62. Microsoft QUIC 安全漏洞 63. CNNVD-202310-806 64. CVE-2023-36435 65. 高危 66. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435
67. 11 68. Microsoft Windows HTML Platform 安全漏洞 69. CNNVD-202310-808 70. CVE-2023-36436 71. 高危 72. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436
73. 12 74. Microsoft Windows TCP/IP 安全漏洞 75. CNNVD-202310-805 76. CVE-2023-36438 77. 高危 78. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438
79. 13 80. Microsoft Windows HTML Platform 安全漏洞 81. CNNVD-202310-811 82. CVE-2023-36557 83. 高危 84. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557
85. 14 86. Microsoft Azure DevOps Server 安全漏洞 87. CNNVD-202310-810 88. CVE-2023-36561 89. 高危 90. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561
91. 15 92. Microsoft Office 安全漏洞 93. CNNVD-202310-813 94. CVE-2023-36565 95. 高危 96. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565
97. 16 98. Microsoft Windows Deployment Services 安全漏洞 99. CNNVD-202310-819 100. CVE-2023-36567 101. 高危 102. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567
103. 17 104. Microsoft Office 安全漏洞 105. CNNVD-202310-818 106. CVE-2023-36568 107. 高危 108. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568
109. 18 110. Microsoft Office 安全漏洞 111. CNNVD-202310-821 112. CVE-2023-36569 113. 高危 114. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569
115. 19 116. Microsoft Message Queuing 安全漏洞 117. CNNVD-202310-822 118. CVE-2023-36570 119. 高危 120. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570
121. 20 122. Microsoft Message Queuing 安全漏洞 123. CNNVD-202310-820 124. CVE-2023-36571 125. 高危 126. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571
127. 21 128. Microsoft Message Queuing 安全漏洞 129. CNNVD-202310-816 130. CVE-2023-36572 131. 高危 132. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572
133. 22 134. Microsoft Message Queuing 安全漏洞 135. CNNVD-202310-814 136. CVE-2023-36573 137. 高危 138. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573
139. 23 140. Microsoft Message Queuing 安全漏洞 141. CNNVD-202310-809 142. CVE-2023-36574 143. 高危 144. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574
145. 24 146. Microsoft Message Queuing 安全漏洞 147. CNNVD-202310-807 148. CVE-2023-36575 149. 高危 150. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575
151. 25 152. Microsoft OLE DB Provider for SQL Server 安全漏洞 153. CNNVD-202310-800 154. CVE-2023-36577 155. 高危 156. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577
157. 26 158. Microsoft Message Queuing 安全漏洞 159. CNNVD-202310-797 160. CVE-2023-36578 161. 高危 162. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578
163. 27 164. Microsoft Message Queuing 安全漏洞 165. CNNVD-202310-792 166. CVE-2023-36579 167. 高危 168. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579
169. 28 170. Microsoft Message Queuing 安全漏洞 171. CNNVD-202310-789 172. CVE-2023-36581 173. 高危 174. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581
175. 29 176. Microsoft Message Queuing 安全漏洞 177. CNNVD-202310-786 178. CVE-2023-36582 179. 高危 180. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582
181. 30 182. Microsoft Message Queuing 安全漏洞 183. CNNVD-202310-785 184. CVE-2023-36583 185. 高危 186. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583
187. 31 188. Microsoft Windows Active Directory 安全漏洞 189. CNNVD-202310-782 190. CVE-2023-36585 191. 高危 192. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585
193. 32 194. Microsoft Message Queuing 安全漏洞 195. CNNVD-202310-781 196. CVE-2023-36589 197. 高危 198. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589
199. 33 200. Microsoft Message Queuing 安全漏洞 201. CNNVD-202310-784 202. CVE-2023-36590 203. 高危 204. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590
205. 34 206. Microsoft Message Queuing 安全漏洞 207. CNNVD-202310-780 208. CVE-2023-36591 209. 高危 210. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591
211. 35 212. Microsoft Message Queuing 安全漏洞 213. CNNVD-202310-779 214. CVE-2023-36592 215. 高危 216. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592
217. 36 218. Microsoft Message Queuing 安全漏洞 219. CNNVD-202310-778 220. CVE-2023-36593 221. 高危 222. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593
223. 37 224. Microsoft Graphics Component 安全漏洞 225. CNNVD-202310-793 226. CVE-2023-36594 227. 高危 228. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594
229. 38 230. Microsoft ODBC Driver 安全漏洞 231. CNNVD-202310-774 232. CVE-2023-36598 233. 高危 234. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598
235. 39 236. Microsoft Windows TCP/IP 安全漏洞 237. CNNVD-202310-776 238. CVE-2023-36602 239. 高危 240. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602
241. 40 242. Microsoft Windows TCP/IP 安全漏洞 243. CNNVD-202310-772 244. CVE-2023-36603 245. 高危 246. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603
247. 41 248. Microsoft Windows Named Pipe File System 安全漏洞 249. CNNVD-202310-771 250. CVE-2023-36605 251. 高危 252. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605
253. 42 254. Microsoft Message Queuing 安全漏洞 255. CNNVD-202310-773 256. CVE-2023-36606 257. 高危 258. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606
259. 43 260. Microsoft Windows Resilient File System (ReFS) 安全漏洞 261. CNNVD-202310-767 262. CVE-2023-36701 263. 高危 264. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701
265. 44 266. Microsoft Windows DirectMusic 安全漏洞 267. CNNVD-202310-777 268. CVE-2023-36702 269. 高危 270. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702
271. 45 272. Microsoft Windows DHCP Server 安全漏洞 273. CNNVD-202310-768 274. CVE-2023-36703 275. 高危 276. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703
277. 46 278. Microsoft Windows Setup Files Cleanup 安全漏洞 279. CNNVD-202310-766 280. CVE-2023-36704 281. 高危 282. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704
283. 47 284. Microsoft Windows AllJoyn API 安全漏洞 285. CNNVD-202310-763 286. CVE-2023-36709 287. 高危 288. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709
289. 48 290. Microsoft Windows Media Foundation 安全漏洞 291. CNNVD-202310-762 292. CVE-2023-36710 293. 高危 294. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710
295. 49 296. Microsoft Windows Runtime C++ Template Library 安全漏洞 297. CNNVD-202310-761 298. CVE-2023-36711 299. 高危 300. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711
301. 50 302. Microsoft Windows Kernel 安全漏洞 303. CNNVD-202310-760 304. CVE-2023-36712 305. 高危 306. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712
307. 51 308. Microsoft Windows Virtual Trusted Platform Module 安全漏洞 309. CNNVD-202310-756 310. CVE-2023-36718 311. 高危 312. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718
313. 52 314. Microsoft Windows Mixed Reality Developer Tools 安全漏洞 315. CNNVD-202310-755 316. CVE-2023-36720 317. 高危 318. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720
319. 53 320. Microsoft Windows Error Reporting 安全漏洞 321. CNNVD-202310-754 322. CVE-2023-36721 323. 高危 324. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721
325. 54 326. Microsoft Windows Container Manager Service 安全漏洞 327. CNNVD-202310-751 328. CVE-2023-36723 329. 高危 330. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723
331. 55 332. Microsoft Windows Kernel 安全漏洞 333. CNNVD-202310-750 334. CVE-2023-36725 335. 高危 336. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725
337. 56 338. Microsoft Windows IKE Extension 安全漏洞 339. CNNVD-202310-747 340. CVE-2023-36726 341. 高危 342. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726
343. 57 344. Microsoft Windows Named Pipe File System 安全漏洞 345. CNNVD-202310-744 346. CVE-2023-36729 347. 高危 348. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729
349. 58 350. Microsoft ODBC Driver 安全漏洞 351. CNNVD-202310-742 352. CVE-2023-36730 353. 高危 354. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730
355. 59 356. Microsoft Win32K 安全漏洞 357. CNNVD-202310-740 358. CVE-2023-36731 359. 高危 360. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731
361. 60 362. Microsoft Win32K 安全漏洞 363. CNNVD-202310-738 364. CVE-2023-36732 365. 高危 366. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732
367. 61 368. Microsoft Azure 安全漏洞 369. CNNVD-202310-725 370. CVE-2023-36737 371. 高危 372. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737
373. 62 374. Microsoft Win32K 安全漏洞 375. CNNVD-202310-757 376. CVE-2023-36743 377. 高危 378. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743
379. 63 380. Microsoft Win32K 安全漏洞 381. CNNVD-202310-749 382. CVE-2023-36776 383. 高危 384. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776
385. 64 386. Microsoft Exchange Server 安全漏洞 387. CNNVD-202310-748 388. CVE-2023-36778 389. 高危 390. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778
391. 65 392. Microsoft Skype for Business Server 安全漏洞 393. CNNVD-202310-745 394. CVE-2023-36780 395. 高危 396. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780
397. 66 398. Microsoft ODBC Driver 安全漏洞 399. CNNVD-202310-743 400. CVE-2023-36785 401. 高危 402. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785
403. 67 404. Microsoft Skype for Business 安全漏洞 405. CNNVD-202310-741 406. CVE-2023-36786 407. 高危 408. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786
409. 68 410. Microsoft Skype for Business 安全漏洞 411. CNNVD-202310-739 412. CVE-2023-36789 413. 高危 414. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789
415. 69 416. Microsoft Windows RDP 安全漏洞 417. CNNVD-202310-737 418. CVE-2023-36790 419. 高危 420. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790
421. 70 422. Microsoft Windows Client/Server Runtime Subsystem 安全漏洞 423. CNNVD-202310-724 424. CVE-2023-36902 425. 高危 426. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902
427. 71 428. Microsoft Graphics Component 安全漏洞 429. CNNVD-202310-736 430. CVE-2023-38159 431. 高危 432. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159
433. 72 434. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 435. CNNVD-202310-735 436. CVE-2023-38166 437. 高危 438. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166
439. 73 440. Microsoft QUIC 安全漏洞 441. CNNVD-202310-726 442. CVE-2023-38171 443. 高危 444. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171
445. 74 446. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 447. CNNVD-202310-729 448. CVE-2023-41765 449. 高危 450. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765
451. 75 452. Microsoft Client Server Run-time Subsystem 安全漏洞 453. CNNVD-202310-733 454. CVE-2023-41766 455. 高危 456. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766
457. 76 458. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 459. CNNVD-202310-734 460. CVE-2023-41767 461. 高危 462. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767
463. 77 464. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 465. CNNVD-202310-732 466. CVE-2023-41768 467. 高危 468. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768
469. 78 470. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 471. CNNVD-202310-731 472. CVE-2023-41769 473. 高危 474. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769
475. 79 476. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 477. CNNVD-202310-727 478. CVE-2023-41770 479. 高危 480. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770
481. 80 482. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 483. CNNVD-202310-721 484. CVE-2023-41771 485. 高危 486. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771
487. 81 488. Microsoft Win32K 安全漏洞 489. CNNVD-202310-722 490. CVE-2023-41772 491. 高危 492. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772
493. 82 494. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 495. CNNVD-202310-720 496. CVE-2023-41773 497. 高危 498. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773
499. 83 500. Microsoft Windows Layer 2 Tunneling Protocol 安全漏洞 501. CNNVD-202310-719 502. CVE-2023-41774 503. 高危 504. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774
505. 84 506. Microsoft Windows Remote Desktop Protocol 安全漏洞 507. CNNVD-202310-787 508. CVE-2023-29348 509. 中危 510. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348
511. 85 512. Microsoft Dynamics 365 安全漏洞 513. CNNVD-202310-790 514. CVE-2023-36416 515. 中危 516. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416
517. 86 518. Microsoft Dynamics 365 安全漏洞 519. CNNVD-202310-798 520. CVE-2023-36429 521. 中危 522. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429
523. 87 524. Microsoft Dynamics 365 安全漏洞 525. CNNVD-202310-803 526. CVE-2023-36433 527. 中危 528. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433
529. 88 530. Microsoft WordPad 安全漏洞 531. CNNVD-202310-812 532. CVE-2023-36563 533. 中危 534. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563
535. 89 536. Microsoft Windows Search Component 安全漏洞 537. CNNVD-202310-815 538. CVE-2023-36564 539. 中危 540. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564
541. 90 542. Microsoft Common Data Model SDK 安全漏洞 543. CNNVD-202310-817 544. CVE-2023-36566 545. 中危 546. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566
547. 91 548. Microsoft Windows Kernel 安全漏洞 549. CNNVD-202310-804 550. CVE-2023-36576 551. 中危 552. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576
553. 92 554. Microsoft Windows 安全漏洞 555. CNNVD-202310-783 556. CVE-2023-36584 557. 中危 558. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584
559. 93 560. Microsoft Windows Remote Procedure Call 安全漏洞 561. CNNVD-202310-775 562. CVE-2023-36596 563. 中危 564. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596
565. 94 566. Microsoft Message Queuing 安全漏洞 567. CNNVD-202310-770 568. CVE-2023-36697 569. 中危 570. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697
571. 95 572. Microsoft Windows Deployment Services 安全漏洞 573. CNNVD-202310-765 574. CVE-2023-36706 575. 中危 576. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706
577. 96 578. Microsoft Windows Deployment Services 安全漏洞 579. CNNVD-202310-764 580. CVE-2023-36707 581. 中危 582. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707
583. 97 584. Microsoft Windows Common Log File System Driver 安全漏洞 585. CNNVD-202310-759 586. CVE-2023-36713 587. 中危 588. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713
589. 98 590. Microsoft Windows TPM 安全漏洞 591. CNNVD-202310-758 592. CVE-2023-36717 593. 中危 594. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717
595. 99 596. Microsoft Active Directory Domain Services 安全漏洞 597. CNNVD-202310-752 598. CVE-2023-36722 599. 中危 600. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722
601. 100 602. Microsoft Windows Power Management Service 安全漏洞 603. CNNVD-202310-753 604. CVE-2023-36724 605. 中危 606. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724
607. 101 608. Microsoft SQL Server 安全漏洞 609. CNNVD-202310-746 610. CVE-2023-36728 611. 中危 612. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728
613. 102 614. Microsoft Skype for Business 安全漏洞 615. CNNVD-202310-728 616. CVE-2023-41763 617. 中危 618. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763
619. 103 620. Microsoft Windows Kernel 安全漏洞 621. CNNVD-202310-769 622. CVE-2023-36698 623. 低危 624. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698
此次更新共包括71个更新漏洞的补丁程序,其中超危漏洞5个,高危漏洞48个,中危漏洞18个。
625. 序号 626. 漏洞名称 627. CNNVD编号 628. CVE编号 629. 危害等级 630. 官方链接
631. 1 632. Microsoft Exchange Server 安全漏洞 633. CNNVD-202308-737 634. CVE-2023-21709 635. 超危 636. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709
637. 2 638. Microsoft Azure Kubernetes 输入验证错误漏洞 639. CNNVD-202309-793 640. CVE-2023-29332 641. 超危 642. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332
643. 3 644. Microsoft Edge 安全漏洞 645. CNNVD-202309-1119 646. CVE-2023-36735 647. 超危 648. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36735
649. 4 650. Microsoft Visual Studio 安全漏洞 651. CNNVD-202309-804 652. CVE-2023-36758 653. 超危 654. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758
655. 5 656. Microsoft Office 安全漏洞 657. CNNVD-202309-812 658. CVE-2023-36765 659. 超危 660. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36765
661. 6 662. Microsoft Visual Studio 安全漏洞 663. CNNVD-202208-2505 664. CVE-2022-35825 665. 高危 666. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35825
667. 7 668. Microsoft Windows Kerberos 安全漏洞 669. CNNVD-202211-2288 670. CVE-2022-37967 671. 高危 672. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967
673. 8 674. Microsoft Dynamics 安全漏洞 675. CNNVD-202212-3159 676. CVE-2022-41127 677. 高危 678. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127
679. 9 680. Microsoft .NET Framework和Microsoft Visual Studio 安全漏洞 681. CNNVD-202306-853 682. CVE-2023-24936 683. 高危 684. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
685. 10 686. Microsoft Raw Image Extension 安全漏洞 687. CNNVD-202307-886 688. CVE-2023-32051 689. 高危 690. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32051
691. 11 692. Microsoft Azure DevOps Server 安全漏洞 693. CNNVD-202309-795 694. CVE-2023-33136 695. 高危 696. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136
697. 12 698. Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 699. CNNVD-202309-796 700. CVE-2023-35355 701. 高危 702. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35355
703. 13 704. Microsoft Edge 安全漏洞 705. CNNVD-202309-1116 706. CVE-2023-36562 707. 高危 708. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36562
709. 14 710. Microsoft 3D Viewer 安全漏洞 711. CNNVD-202309-799 712. CVE-2023-36739 713. 高危 714. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739
715. 15 716. Microsoft 3D Viewer 安全漏洞 717. CNNVD-202309-800 718. CVE-2023-36740 719. 高危 720. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740
721. 16 722. Microsoft Visual Studio Code 安全漏洞 723. CNNVD-202309-798 724. CVE-2023-36742 725. 高危 726. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742
727. 17 728. Microsoft Exchange Server 安全漏洞 729. CNNVD-202309-802 730. CVE-2023-36744 731. 高危 732. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744
733. 18 734. Microsoft Exchange Server 安全漏洞 735. CNNVD-202309-801 736. CVE-2023-36745 737. 高危 738. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745
739. 19 740. Microsoft Exchange Server 安全漏洞 741. CNNVD-202309-813 742. CVE-2023-36756 743. 高危 744. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756
745. 20 746. Microsoft Exchange Server 安全漏洞 747. CNNVD-202309-803 748. CVE-2023-36757 749. 高危 750. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757
751. 21 752. Microsoft 3D Viewer 安全漏洞 753. CNNVD-202309-808 754. CVE-2023-36760 755. 高危 756. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760
757. 22 758. Microsoft Word 安全漏洞 759. CNNVD-202309-810 760. CVE-2023-36762 761. 高危 762. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762
763. 23 764. Microsoft Outlook 安全漏洞 765. CNNVD-202309-811 766. CVE-2023-36763 767. 高危 768. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763
769. 24 770. Microsoft SharePoint 安全漏洞 771. CNNVD-202309-807 772. CVE-2023-36764 773. 高危 774. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764
775. 25 776. Microsoft 3D Builder 安全漏洞 777. CNNVD-202309-815 778. CVE-2023-36770 779. 高危 780. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770
781. 26 782. Microsoft 3D Builder 安全漏洞 783. CNNVD-202309-817 784. CVE-2023-36771 785. 高危 786. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771
787. 27 788. Microsoft 3D Builder 安全漏洞 789. CNNVD-202309-816 790. CVE-2023-36772 791. 高危 792. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772
793. 28 794. Microsoft 3D Builder 安全漏洞 795. CNNVD-202309-818 796. CVE-2023-36773 797. 高危 798. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773
799. 29 800. Microsoft .NET Framework 安全漏洞 801. CNNVD-202309-819 802. CVE-2023-36788 803. 高危 804. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788
805. 30 806. Microsoft .NET和Microsoft Visual Studio 安全漏洞 807. CNNVD-202309-896 808. CVE-2023-36792 809. 高危 810. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
811. 31 812. Microsoft Visual Studio和Microsoft .NET 安全漏洞 813. CNNVD-202309-832 814. CVE-2023-36793 815. 高危 816. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793
817. 32 818. Microsoft Visual Studio和Microsoft .NET 安全漏洞 819. CNNVD-202309-837 820. CVE-2023-36794 821. 高危 822. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794
823. 33 824. Microsoft Visual Studio和Microsoft .NET 安全漏洞 825. CNNVD-202309-824 826. CVE-2023-36796 827. 高危 828. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796
829. 34 830. Microsoft Streaming Service 安全漏洞 831. CNNVD-202309-835 832. CVE-2023-36802 833. 高危 834. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
835. 35 836. Microsoft Windows GDI 安全漏洞 837. CNNVD-202309-846 838. CVE-2023-36804 839. 高危 840. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36804
841. 36 842. Microsoft Windows Scripting 安全漏洞 843. CNNVD-202309-843 844. CVE-2023-36805 845. 高危 846. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36805
847. 37 848. Microsoft Reliability Analysis Metrics Calculation Engine 安全漏洞 849. CNNVD-202308-692 850. CVE-2023-36876 851. 高危 852. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36876
853. 38 854. Microsoft Tablet Windows User Interface 安全漏洞 855. CNNVD-202308-702 856. CVE-2023-36898 857. 高危 858. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36898
859. 39 860. Microsoft Windows Kernel 安全漏洞 861. CNNVD-202309-847 862. CVE-2023-38139 863. 高危 864. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139
865. 40 866. Microsoft Windows Kernel 安全漏洞 867. CNNVD-202309-849 868. CVE-2023-38141 869. 高危 870. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141
871. 41 872. Microsoft Windows Kernel 安全漏洞 873. CNNVD-202309-848 874. CVE-2023-38142 875. 高危 876. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38142
877. 42 878. Microsoft Windows Common Log File System Driver 安全漏洞 879. CNNVD-202309-844 880. CVE-2023-38143 881. 高危 882. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38143
883. 43 884. Microsoft Windows Common Log File System Driver 安全漏洞 885. CNNVD-202309-841 886. CVE-2023-38144 887. 高危 888. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38144
889. 44 890. Microsoft Windows Themes 安全漏洞 891. CNNVD-202309-836 892. CVE-2023-38146 893. 高危 894. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146
895. 45 896. Microsoft Windows Codecs Library 安全漏洞 897. CNNVD-202309-833 898. CVE-2023-38147 899. 高危 900. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38147
901. 46 902. Microsoft Windows Internet Connection Sharing (ICS) 安全漏洞 903. CNNVD-202309-830 904. CVE-2023-38148 905. 高危 906. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38148
907. 47 908. Microsoft Windows TCP/IP 资源管理错误漏洞 909. CNNVD-202309-826 910. CVE-2023-38149 911. 高危 912. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38149
913. 48 914. Microsoft Windows Kernel 安全漏洞 915. CNNVD-202309-823 916. CVE-2023-38150 917. 高危 918. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38150
919. 49 920. Microsoft Azure DevOps Server 安全漏洞 921. CNNVD-202309-865 922. CVE-2023-38155 923. 高危 924. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155
925. 50 926. Microsoft Azure 安全漏洞 927. CNNVD-202309-825 928. CVE-2023-38156 929. 高危 930. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156
931. 51 932. Microsoft Windows GDI 安全漏洞 933. CNNVD-202309-821 934. CVE-2023-38161 935. 高危 936. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38161
937. 52 938. Microsoft Windows DHCP Server 资源管理错误漏洞 939. CNNVD-202309-822 940. CVE-2023-38162 941. 高危 942. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38162
943. 53 944. Microsoft Windows Defender 安全漏洞 945. CNNVD-202309-872 946. CVE-2023-38163 947. 高危 948. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163
949. 54 950. Microsoft Edge 跨站脚本漏洞 951. CNNVD-202306-182 952. CVE-2023-29345 953. 中危 954. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29345
955. 55 956. Microsoft Edge 安全漏洞 957. CNNVD-202309-1117 958. CVE-2023-36727 959. 中危 960. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36727
961. 56 962. Microsoft Identity Linux Broker 安全漏洞 963. CNNVD-202309-797 964. CVE-2023-36736 965. 中危 966. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736
967. 57 968. Microsoft Visual Studio 安全漏洞 969. CNNVD-202309-805 970. CVE-2023-36759 971. 中危 972. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759
973. 58 974. Microsoft Word 安全漏洞 975. CNNVD-202309-809 976. CVE-2023-36761 977. 中危 978. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761
979. 59 980. Microsoft Excel 安全漏洞 981. CNNVD-202309-814 982. CVE-2023-36766 983. 中危 984. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36766
985. 60 986. Microsoft Office 安全漏洞 987. CNNVD-202309-806 988. CVE-2023-36767 989. 中危 990. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36767
991. 61 992. Microsoft Exchange Server 安全漏洞 993. CNNVD-202309-820 994. CVE-2023-36777 995. 中危 996. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777
997. 62 998. Microsoft .NET Core和Microsoft Visual Studio 安全漏洞 999. CNNVD-202309-828 1000. CVE-2023-36799 1001. 中危 1002. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799
1003. 63 1004. Microsoft Dynamics Finance & Operations 跨站脚本漏洞 1005. CNNVD-202309-829 1006. CVE-2023-36800 1007. 中危 1008. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800
1009. 64 1010. Microsoft Windows DHCP Server 安全漏洞 1011. CNNVD-202309-838 1012. CVE-2023-36801 1013. 中危 1014. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36801
1015. 65 1016. Microsoft Windows Kernel 安全漏洞 1017. CNNVD-202309-840 1018. CVE-2023-36803 1019. 中危 1020. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803
1021. 66 1022. Microsoft Dynamics 365 跨站脚本漏洞 1023. CNNVD-202309-852 1024. CVE-2023-36886 1025. 中危 1026. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886
1027. 67 1028. Microsoft Windows Kernel 安全漏洞 1029. CNNVD-202309-853 1030. CVE-2023-38140 1031. 中危 1032. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140
1033. 68 1034. Microsoft Windows DHCP Server 安全漏洞 1035. CNNVD-202309-890 1036. CVE-2023-38152 1037. 中危 1038. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38152
1039. 69 1040. Microsoft Windows TCP/IP 安全漏洞 1041. CNNVD-202309-868 1042. CVE-2023-38160 1043. 中危 1044. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38160
1045. 70 1046. Microsoft Dynamics 365 跨站脚本漏洞 1047. CNNVD-202309-874 1048. CVE-2023-38164 1049. 中危 1050. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164
1051. 71 1052. Microsoft Office 安全漏洞 1053. CNNVD-202309-875 1054. CVE-2023-41764 1055. 中危 1056. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41764
此次更新共包括21个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞10个,中危漏洞11个。
1057. 序号 1058. 漏洞名称 1059. CNNVD编号 1060. CVE编号 1061. 危害等级 1062. 厂商 1063. 官方链接
1064. 1 1065. Autodesk FBX-SDK 资源管理错误漏洞 1066. CNNVD-202210-946 1067. CVE-2022-41303 1068. 高危 1069. Autodesk 1070. https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022
1071. 2 1072. libwebp 资源管理错误漏洞 1073. CNNVD-202305-177 1074. CVE-2023-1999 1075. 高危 1076. WebP项目 1077. https://github.com/webmproject/libwebp
1078. 3 1079. Autodesk FBX-SDK 缓冲区错误漏洞 1080. CNNVD-202304-1342 1081. CVE-2023-27909 1082. 高危 1083. Autodesk 1084. https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004
1085. 4 1086. Autodesk FBX-SDK 缓冲区错误漏洞 1087. CNNVD-202304-1347 1088. CVE-2023-27911 1089. 高危 1090. Autodesk 1091. https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004
1092. 5 1093. Apache HTTP/2 安全漏洞 1094. CNNVD-202310-667 1095. CVE-2023-44487 1096. 高危 1097. Apache基金会 1098. https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
1099. 6 1100. Google Chrome 缓冲区错误漏洞 1101. CNNVD-202309-784 1102. CVE-2023-4863 1103. 高危 1104. Google 1105. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
1106. 7 1107. Google Chrome 资源管理错误漏洞 1108. CNNVD-202309-2548 1109. CVE-2023-5186 1110. 高危 1111. Google 1112. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
1113. 8 1114. Google Chrome 资源管理错误漏洞 1115. CNNVD-202309-2546 1116. CVE-2023-5187 1117. 高危 1118. Google 1119. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
1120. 9 1121. Google Chrome 缓冲区错误漏洞 1122. CNNVD-202309-2505 1123. CVE-2023-5217 1124. 高危 1125. Google 1126. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
1127. 10 1128. Google Chrome 安全漏洞 1129. CNNVD-202310-219 1130. CVE-2023-5346 1131. 高危 1132. Google 1133. https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html
1134. 11 1135. Electron 代码注入漏洞 1136. CNNVD-202309-566 1137. CVE-2023-39956 1138. 中危 1139. 个人开发者 1140. https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5
1141. 12 1142. Google Chrome 安全漏洞 1143. CNNVD-202309-918 1144. CVE-2023-4900 1145. 中危 1146. Google 1147. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1148. 13 1149. Google Chrome 安全漏洞 1150. CNNVD-202309-920 1151. CVE-2023-4901 1152. 中危 1153. Google 1154. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1155. 14 1156. Google Chrome 安全漏洞 1157. CNNVD-202309-921 1158. CVE-2023-4902 1159. 中危 1160. Google 1161. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1162. 15 1163. Google Chrome 安全漏洞 1164. CNNVD-202309-923 1165. CVE-2023-4903 1166. 中危 1167. Google 1168. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1169. 16 1170. Google Chrome 安全漏洞 1171. CNNVD-202309-929 1172. CVE-2023-4904 1173. 中危 1174. Google 1175. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1176. 17 1177. Google Chrome 安全漏洞 1178. CNNVD-202309-928 1179. CVE-2023-4905 1180. 中危 1181. Google 1182. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1183. 18 1184. Google Chrome 安全漏洞 1185. CNNVD-202309-927 1186. CVE-2023-4906 1187. 中危 1188. Google 1189. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1190. 19 1191. Google Chrome 安全漏洞 1192. CNNVD-202309-925 1193. CVE-2023-4907 1194. 中危 1195. Google 1196. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1197. 20 1198. Google Chrome 安全漏洞 1199. CNNVD-202309-922 1200. CVE-2023-4908 1201. 中危 1202. Google 1203. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
1204. 21 1205. Google Chrome 安全漏洞 1206. CNNVD-202309-924 1207. CVE-2023-4909 1208. 中危 1209. Google 1210. https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn
下一篇:中华人民共和国网络安全法