2023年3月网络安全风险提示
【漏洞公告】
微软公司近日发布了3月安全更新公告,包含了微软家族多个软件的安全更新补丁,包括:Microsoft Outlook、Windows SmartScreen、Internet Control Message Protocol、Windows HTTP.sys等多个CVE安全漏洞补丁。利用上述漏洞,攻击者可以绕过安全功能限制,获取敏感信息,提升权限,执行远程代码,或发起拒绝服务攻击等。我中心提醒全校师生用户尽快下载补丁更新,避免引发漏洞相关的网络安全事件。
参考链接:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
根据公告,此次更新中修复的 Internet Control Message Protocol (ICMP)远程代码执行漏洞(CVE-2023-23415)、Windows Cryptographic Services 远程代码执行漏洞(CVE-2023-23416)、HTTP Protocol Stack 远程代码执行漏洞(CVE-2023-23392)、Windows Hyper-V拒绝服务漏洞(CVE-2023-23411)、TPM2.0 Module Library权限提升漏洞(CVE-2023-1017、CVE-2023-1018)、Windows Point-to-Point Tunneling Protocol远程代码执行漏洞(CVE-2023-23404)、Remote Procedure Call Runtime远程代码执行漏洞 (CVE-2023-21708)、Windows图形组特权提升级漏洞(CVE-2023-24861)、 Windows HTTP.sys权限提升漏洞(CVE-2023-23410)、Windows HTTP.sys 权限提升漏洞(CVE-2023-23398)风险较大。其中Microsoft Outlook权限提升漏洞(CVE-2023-23397)、Windows SmartScreen 安全功能绕过漏洞(CVE-2023-24880)存在在野利用,建议尽快安装安全更新补丁或采取临时缓解措施加固系统。
相关链接参考:
https://msrc.microsoft.com/update-guide/vulnerability/
【影响范围】
Microsoft Outlook权限提升漏洞(CVE-2023-23397):
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Windows SmartScreen安全功能绕过漏洞(CVE-2023-24880):
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Internet Control Message Protocol(ICMP)远程代码执行漏洞(CVE-2023-23415):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Cryptographic Services远程代码执行漏洞(CVE-2023-23416):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
HTTP 协议堆栈远程代码执行漏洞(CVE-2023-23392):
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Hyper-V 拒绝服务漏洞(CVE-2023-23411):
Windows 10 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
TPM2.0 Module Library 权限提升漏洞(CVE-2023-1017、CVE-2023-1018):
Windows 10 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows Point-to-Point Tunneling Protocol远程代码执行漏洞(CVE-2023-23404):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Remote Procedure Call Runtime远程代码执行漏洞(CVE-2023-21708):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 图形组件权限提升漏洞(CVE-2023-24861):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows HTTP.sys权限提升漏洞(CVE-2023-23410):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Microsoft Excel欺骗漏洞(CVE-2023-23398):
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Excel 2013 RT Service Pack 1
Microsoft Excel 2013 Service Pack 1 (32-bit editions)
Microsoft Excel 2013 Service Pack 1 (64-bit editions)
Microsoft Excel 2016 (32-bit edition)
Microsoft Excel 2016 (64-bit edition)
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
3月安全公告列表,包含的其他漏洞快速阅读指引(非全部):
https://msrc.microsoft.com/update-guide/releaseNote/2023-Mar
CVE-2023-23408|Azure Apache Ambari 欺骗漏洞
CVE-2023-23409|客户端服务器运行时子系统(CSRSS)信息泄露漏洞
CVE-2023-23394|客户端服务器运行时子系统(CSRSS)信息泄露漏洞
CVE-2023-23388|Windows 蓝牙驱动程序特权提升漏洞
CVE-2023-24920|Microsoft Dynamics 365 (on-premises)跨站脚本漏洞
CVE-2023-24879|Microsoft Dynamics 365 (on-premises)跨站脚本漏洞
CVE-2023-24919|Microsoft Dynamics 365 (on-premises)跨站脚本漏洞
CVE-2023-24891|Microsoft Dynamics 365 (on-premises)跨站脚本漏洞
CVE-2023-24922|Microsoft Dynamics 365信息泄露漏洞
CVE-2023-24921|Microsoft Dynamics 365 (on-premises)跨站脚本漏洞
CVE-2023-24892|Microsoft Edge(基于 Chromium)Webview2欺骗漏洞
CVE-2023-24910|Windows图形组件特权提升漏洞
CVE-2023-23396|Microsoft Excel拒绝服务漏洞
CVE-2023-23399|Microsoft Excel远程代码执行漏洞
CVE-2023-23395|Microsoft SharePoint Server欺骗漏洞
CVE-2023-24890|Microsoft OneDrive for iOS安全功能绕过漏洞
CVE-2023-24930|Microsoft OneDrive for MacOS特权提升漏洞
CVE-2023-24882|Microsoft OneDrive for Android信息泄露漏洞
CVE-2023-24923|Microsoft OneDrive for Android信息泄露漏洞
CVE-2023-24907|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24857|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24868|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24872|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24876|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24913|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24864|Microsoft PostScript和PCL6类打印机驱动程序特权提升漏洞
CVE-2023-24866|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24906|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24867|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24863|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24858|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24911|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24870|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24909|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-23406|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-23413|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-24856|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-24865|Microsoft PostScript和PCL6类打印机驱动程序信息泄露漏洞
CVE-2023-23403|Microsoft PostScript和PCL6类打印机驱动程序远程代码执行漏洞
CVE-2023-23401|Windows Media远程代码执行漏洞
CVE-2023-23402|Windows Media远程代码执行漏洞
CVE-2023-23391|Office for Android欺骗漏洞
CVE-2023-23400|Windows DNS服务器远程代码执行漏洞
CVE-2023-23383|Service Fabric Explorer欺骗漏洞
CVE-2023-23412|Windows帐户图片特权提升漏洞
CVE-2023-24871|Windows蓝牙服务远程代码执行漏洞
CVE-2023-23393|Windows BrokerInfrastructure服务特权提升漏洞
CVE-2023-23389|Microsoft Defender特权提升漏洞
CVE-2023-24859|Windows Internet密钥交换 (IKE)扩展拒绝服务漏洞
CVE-2023-23420|Windows内核特权提升漏洞
CVE-2023-23422|Windows内核特权提升漏洞
CVE-2023-23421|Windows内核特权提升漏洞
CVE-2023-23423|Windows内核特权提升漏洞
CVE-2023-23417|Windows分区管理驱动程序特权提升漏洞
CVE-2023-23407|Windows以太网点对点协议(PPPoE)远程代码执行漏洞
CVE-2023-23385|Windows 以太网点对点协议(PPPoE)特权提升漏洞
CVE-2023-23414|Windows 以太网点对点协议(PPPoE)远程代码执行漏洞
CVE-2023-23405|Remote Procedure Call Runtime远程代码执行漏洞
CVE-2023-24869|Remote Procedure Call Runtime远程代码执行漏洞
CVE-2023-24908|Remote Procedure Call Runtime远程代码执行漏洞
CVE-2023-23419|Windows弹性文件系统(ReFS)特权提升漏洞
CVE-2023-23418|Windows弹性文件系统(ReFS)特权提升漏洞
CVE-2023-24862|Windows安全通道拒绝服务漏洞
【漏洞描述】
Microsoft Outlook权限提升漏洞(CVE-2023-23397):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
是 |
已公开 |
未公开 |
已发现 |
Microsoft Outlook 存在权限提升漏洞,未经身份验证的远程攻击者可以向受害者发送特制的电子邮件,导致受害者连接到攻击者控制的外部 UNC 位置。这会将受害者的 Net-NTLMv2 散列泄露给攻击者,然后攻击者可以将其中继到另一个服务并作为受害者进行身份验证。值得注意的是,电子邮件服务器检索和处理电子邮件时(例如在预览 窗格中查看电子邮件之前)会自动触发漏洞。
Windows SmartScreen安全功能绕过漏洞(CVE-2023-24880):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
是 |
已公开 |
未公开 |
已发现 |
Windows SmartScreen存在安全特性绕过漏洞,未经身份验证的远程攻击者可以诱骗受害者打开特制文件并绕过Web标记(MOTW)防御。此漏洞已被用于在野攻击。
Internet Control Message Protocol(ICMP)远程代码执行漏洞(CVE-2023-23415):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Internet Control Message Protocol (ICMP)存在远程代码执行漏洞,未经身份验证的远程攻击者可通过向目标系统发送特制的ICMP报文来利用此漏洞,成功利用此漏洞可能在目标系统上执行任意代码。此漏洞触发存在前置条件,目标主机上需要运行绑定到原始套接字的应用程序。
Windows Cryptographic Services远程代码执行漏洞(CVE-2023-23416):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Windows Cryptographic Services 存在远程代码执行漏洞,利用该漏洞,需要在受影响的系统上导入恶意证书。攻击者可以将证书上传到处理或导入证书的服务,或者说服用户在他们的系统上导入证书。成功利用该漏洞可以在目标系统上以该用户权限执行任意代码。
HTTP 协议堆栈远程代码执行漏洞(CVE-2023-23392):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
HTTP 协议堆栈存在远程代码执行漏洞,未经身份验证的远程攻击者可以特制的数据包发送到目标服务器,成功利用该漏洞在目标服务器上执行任意代码。服务器易受攻击的先决条件是绑定启用了 HTTP/3,并且服务器使用缓冲 I/O。
Windows Hyper-V拒绝服务漏洞(CVE-2023-23411)
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Windows Hyper-V 存在拒绝服务漏洞,经过身份验证的攻击者可利用该漏洞导致 Hyper-V 主机拒绝服务。
TPM2.0 Module Library权限提升漏洞(CVE-2023-1017、CVE-2023-1018):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
TPM2.0 Module Library存在越界写漏洞(CVE-2023-1017 、 CVE-2023-1018),经过身份验证的攻击者可以在缓冲区中越界写入两个字节,可导致拒绝服务或在TPM上下文中执行任意代码。来宾VM中经过身份验证的攻击者 可通过向Hyper-V发送特制TPM命令来利用此漏洞,成功利用此漏洞可能获得提升的权限。
Windows Point-to-Point Tunneling Protocol远程代码执行漏洞(CVE-2023-23404):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Windows Point-to-Point Tunneling Protocol存在远程代码执行漏洞,未经身份验证的远程攻击者可以向目标RAS服务器发送特制连接请求,成功利用利用该漏洞 可以在目标系统上执行任意代码。
Remote Procedure Call Runtime远程代码执行漏洞(CVE-2023-21708):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Remote Procedure Call Runtime存在远程代码执行漏洞,未经身份验证的攻击者可以向目标RPC主机发送特制的RPC调用。成功利用该漏洞可以在服务器端以与RPC服务相同的权限执行远程代码。在企业外围防火墙阻止TCP的135端口,可以降低一些针对此漏洞的潜在攻击的可能性。
Windows图形组件权限提升漏洞(CVE-2023-24861)
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Windows图形组件存在权限提升漏洞,经过身份认证的攻击者可通过在目标系统上执行特制程序来利用此漏洞,成功利用此漏洞可提升至SYSTEM权限。
Windows HTTP.sys权限提升漏洞(CVE-2023-23410)
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Windows HTTP.sys存在权限提升漏洞,经过身份认证的攻击者利用此漏洞可将权限提升至SYSTEM权限。
Microsoft Excel欺骗漏洞(CVE-2023-23398):
细节是否公开 |
POC状态 |
EXP状态 |
在野利用 |
否 |
未公开 |
未公开 |
未发现 |
Microsoft Excel存在欺骗漏洞,未经身份验证的攻击者可以诱导用户打开特制文件,然后单击安全警告提示“启用内容”。成功利用此漏洞的攻击者可以诱骗用户启用他们无法检查的内容。
【缓解措施】
高危:目前漏洞细节虽未公开,但是恶意攻击者可以通过补丁对比方式分析出漏洞触发点,并进一步开发漏洞利用代码,Microsoft 已发布相关安全更新,鉴于漏洞的严重性,建议受影响的用户尽快修复。安恒信息将在产品的例行更新中加入相关攻击检测和防护能力。
(一)Windows 更新:
自动更新:
Microsoft Update 默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。
手动更新:
1、点击“开始菜单”或按Windows快捷键,点击进入“设置”。
2、选择“更新和安全”,进入“Windows 更新”(Windows 8、Windows 8.1、Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入“Windows更新”,具体步骤为“控制面板”->“系统和安全”->“Windows更新”)
3、选择“检查更新”,等待系统将自动检查并下载可用更新。
4、重启计算机,安装更新系统重新启动后,可通过进入“Windows 更新”->“查看更新历史记录”查看是否成功安装了更新。
(二)目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。
补丁获取:
https://msrc.microsoft.com/update-guide/vulnerability