- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
新华三盾山实验室
2023/10/11
2023年10月,新华三盾山实验室监测发现Microsoft官方发布了10月安全更新,共发布104个漏洞的补丁信息,主要修复了修复了Windows Server 2022、Microsoft Office、.NET 7.0 等产品中的漏洞。在此次更新的补丁中,有12个漏洞被微软标记为严重漏洞,且部分漏洞存在在野利用,由于影响较大,新华三盾山实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。
Microsoft Exchange Server存在代码执行漏洞,由于cmdlet 参数验证不当所,经过身份验证的恶意攻击者向服务器发送特制数据包,并通过PowerShell 远程会话执行任意代码。
严重等级:高危 评分:8.0
Microsoft Message Queuing存在代码执行漏洞,由于对用户提供的输入验证不足,恶意攻击者通过将特制的输入传递给应用程序,成功利用此漏洞可在目标系统上执行任意代码,获取目标系统的控制权限。
严重等级:严重 评分:9.8
Skype for Business存在 代码执行漏洞该漏洞,由于Skype for Business 中用户提供的输入验证不足,恶意攻击者可以将特制的输入传递给应用程序,成功利用此漏洞可在目标系统上执行任意代码。
严重等级:高危 评分:7.2
Skype for Business 存在权限提升漏洞,由于应用程序输出过多的数据,恶意攻击者成功利用此漏洞可访问敏感信息。
严重等级:中危 评分:6.5
Microsoft WordPad存在信息泄露漏洞,由于写字板中NTLM 哈希值的泄露,恶意攻击者通过诱骗受害者打开特制文件,成功利用此漏洞可获取敏感信息的访问权限。
严重等级:中危 评分:6.5
Win32k 存在权限提升漏洞,由于 Win32k 中的竞争条件造成的,恶意攻击者可以利用竞争并获得对敏感信息的未经授权的访问并升级系统权限。
严重等级:高危 评分:7.0
CVE编号 | 受影响产品 |
CVE-2023-35349 CVE-2023-36697 CVE-2023-41770 CVE-2023-41765 CVE-2023-36722 CVE-2023-41766 CVE-2023-36594 CVE-2023-36776 CVE-2023-36563 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-36718 | Windows 10 Version 21H2 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 for x64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems |
CVE-2023-36780 CVE-2023-41763 | Skype for Business Server 2015 CU13 Skype for Business Server 2019 CU7 |
CVE-2023-36778 | Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 13 Microsoft Exchange Server 2016 Cumulative Update 23 |
CVE-2023-38159 | Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:
https://msrc.microsoft.com/update-guide/releaseNote/2023-oct
https://msrc.microsoft.com/update-guide/releaseNote/2023-oct
产品与解决方案
售前咨询
售后咨询
人工在线咨询
