CNNVD Alert on Multiple Microsoft Security Vulnerabilities

CNNVD CNNVD Security Updates 2021-05-15

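Recently, Microsoft published advisories for multiple security vulnerabilities, including the Microsoft Visual Studio code injection vulnerability (CNNVD-202105-625, CVE-2021-27068) and the Microsoft Windows Codecs code injection vulnerability (CNNVD-202105-646, CVE-2021-28465). An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, escalate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible.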

I. Vulnerability Overview

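On May 12, 2021, Microsoft released its May 2021 security updates, with patches for 55 vulnerabilities in total, all of which CNNVD has catalogued. The update mainly covers the Windows operating system, Exchange Server, .NET, Office, SharePoint, Hyper-V, Visual Studio, and others. CNNVD rated their severity: 19 are high severity, 34 are medium, and 2 are low. Multiple versions of Microsoft products and systems are affected; the specific affected scope can be looked up at https://portal.msrc.microsoft.com/zh-cn/security-guidance.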

II. Vulnerability Details

This update includes patches for 55 vulnerabilities in total: 19 high severity, 34 medium severity, and 2 low severity.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Microsoft Visual Studio code injection vulnerability | CNNVD-202105-625 | CVE-2021-27068 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27068 |
| 2 | Microsoft Jet Database Engine code injection vulnerability | CNNVD-202105-599 | CVE-2021-28455 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455 |
| 3 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202105-646 | CVE-2021-28465 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465 |
| 4 | Microsoft Office SharePoint code injection vulnerability | CNNVD-202105-556 | CVE-2021-28474 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474 |
| 5 | Microsoft Hyper-V code injection vulnerability | CNNVD-202105-586 | CVE-2021-28476 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476 |
| 6 | Microsoft HTTP.sys code injection vulnerability | CNNVD-202105-588 | CVE-2021-31166 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166 |
| 7 | Microsoft Office Excel code injection vulnerability | CNNVD-202105-596 | CVE-2021-31175 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175 |
| 8 | Microsoft Office code injection vulnerability | CNNVD-202105-595 | CVE-2021-31176 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176 |
| 9 | Microsoft Office Excel code injection vulnerability | CNNVD-202105-594 | CVE-2021-31177 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177 |
| 10 | Microsoft Office Excel code injection vulnerability | CNNVD-202105-593 | CVE-2021-31179 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179 |
| 11 | Microsoft Office Word code injection vulnerability | CNNVD-202105-592 | CVE-2021-31180 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180 |
| 12 | Microsoft SharePoint code injection vulnerability | CNNVD-202105-549 | CVE-2021-31181 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181 |
| 13 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202105-570 | CVE-2021-31192 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31192 |
| 14 | Microsoft OLE Automation Remote code code injection vulnerability | CNNVD-202105-569 | CVE-2021-31194 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194 |
| 15 | Microsoft Exchange Server code injection vulnerability | CNNVD-202105-551 | CVE-2021-31195 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195 |
| 16 | Microsoft Exchange Server code injection vulnerability | CNNVD-202105-547 | CVE-2021-31198 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198 |
| 17 | Microsoft Visual Studio Code code injection vulnerability | CNNVD-202105-700 | CVE-2021-31211 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211 |
| 18 | Microsoft Visual Studio Code code injection vulnerability | CNNVD-202105-677 | CVE-2021-31213 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31213 |
| 19 | Microsoft Visual Studio Code code injection vulnerability | CNNVD-202105-696 | CVE-2021-31214 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31214 |
| 20 | Microsoft Windows Wireless Networking information disclosure vulnerability | CNNVD-202105-632 | CVE-2020-24587 | Medium | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html |
| 21 | Microsoft Windows Wireless Networking security vulnerability | CNNVD-202105-633 | CVE-2020-24588 | Medium | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html |
| 22 | Microsoft Windows Wireless Networking security vulnerability | CNNVD-202105-635 | CVE-2020-26144 | Medium | https://www.wi-fi.org/security-update-fragmentation |
| 23 | Microsoft Office SharePoint security vulnerability | CNNVD-202105-557 | CVE-2021-26418 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418 |
| 24 | Microsoft Internet Explorer buffer error vulnerability | CNNVD-202105-587 | CVE-2021-26419 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419 |
| 25 | Microsoft Skype for Business Server security vulnerability | CNNVD-202105-623 | CVE-2021-26421 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26421 |
| 26 | Microsoft Skype for Business Server code injection vulnerability | CNNVD-202105-619 | CVE-2021-26422 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26422 |
| 27 | Microsoft Dynamics Finance & Operations cross-site scripting vulnerability | CNNVD-202105-638 | CVE-2021-28461 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28461 |
| 28 | Microsoft SharePoint security vulnerability | CNNVD-202105-555 | CVE-2021-28478 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478 |
| 29 | Microsoft Windows CSC Service information disclosure vulnerability | CNNVD-202105-589 | CVE-2021-28479 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28479 |
| 30 | Microsoft Windows Container Manager Service permissions and access control issues vulnerability | CNNVD-202105-584 | CVE-2021-31165 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31165 |
| 31 | Microsoft Windows Container Manager Service permissions and access control issues vulnerability | CNNVD-202105-585 | CVE-2021-31167 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31167 |
| 32 | Microsoft Windows Container Manager Service permissions and access control issues vulnerability | CNNVD-202105-583 | CVE-2021-31168 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31168 |
| 33 | Microsoft Windows Container Manager Service permissions and access control issues vulnerability | CNNVD-202105-582 | CVE-2021-31169 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31169 |
| 34 | Microsoft Graphics Components permissions and access control issues vulnerability | CNNVD-202105-581 | CVE-2021-31170 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170 |
| 35 | Microsoft SharePoint security vulnerability | CNNVD-202105-553 | CVE-2021-31172 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172 |
| 36 | Microsoft SharePoint information disclosure vulnerability | CNNVD-202105-552 | CVE-2021-31173 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173 |
| 37 | Microsoft Excel information disclosure vulnerability | CNNVD-202105-600 | CVE-2021-31174 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31174 |
| 38 | Microsoft Office Excel information disclosure vulnerability | CNNVD-202105-591 | CVE-2021-31178 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178 |
| 39 | Microsoft Bluetooth Driver security vulnerability | CNNVD-202105-580 | CVE-2021-31182 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31182 |
| 40 | Microsoft Windows IrDA buffer error vulnerability | CNNVD-202105-579 | CVE-2021-31184 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31184 |
| 41 | Microsoft Windows Desktop Bridge input validation error vulnerability | CNNVD-202105-578 | CVE-2021-31185 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31185 |
| 42 | Microsoft Remote Desktop Protocol information disclosure vulnerability | CNNVD-202105-577 | CVE-2021-31186 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31186 |
| 43 | Microsoft Windows WalletService permissions and access control issues vulnerability | CNNVD-202105-576 | CVE-2021-31187 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187 |
| 44 | Microsoft Graphics Components permissions and access control issues vulnerability | CNNVD-202105-574 | CVE-2021-31188 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188 |
| 45 | Microsoft Windows Container Isolation FS Filter Driver permissions and access control issues vulnerability | CNNVD-202105-573 | CVE-2021-31190 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31190 |
| 46 | Microsoft Projected File System buffer error vulnerability | CNNVD-202105-572 | CVE-2021-31191 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31191 |
| 47 | Microsoft Windows SSDP Service permissions and access control issues vulnerability | CNNVD-202105-568 | CVE-2021-31193 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31193 |
| 48 | Microsoft Common Utilities code injection vulnerability | CNNVD-202105-645 | CVE-2021-31200 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200 |
| 49 | Microsoft Visual Studio permissions and access control issues vulnerability | CNNVD-202105-624 | CVE-2021-31204 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204 |
| 50 | Microsoft Exchange Server security features issue vulnerability | CNNVD-202105-543 | CVE-2021-31207 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207 |
| 51 | Microsoft Windows Container Manager Service permissions and access control issues vulnerability | CNNVD-202105-566 | CVE-2021-31208 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31208 |
| 52 | Microsoft Exchange Server security vulnerability | CNNVD-202105-544 | CVE-2021-31209 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209 |
| 53 | Microsoft Accessibility Insights for Web information disclosure vulnerability | CNNVD-202105-644 | CVE-2021-31936 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31936 |
| 54 | Microsoft SharePoint information disclosure vulnerability | CNNVD-202105-554 | CVE-2021-31171 | Low | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171 |
| 55 | Microsoft Windows SMB Client security features issue vulnerability | CNNVD-202105-567 | CVE-2021-31205 | Low | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31205 |

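III. Remediation Recommendations

Microsoft has released patches that fix the vulnerabilities above. Users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address:

https://msrc.microsoft.com/update-guide/en-us

CNNVD will continue to track these vulnerabilities and publish related information promptly. If needed, you can contact CNNVD. Contact: cnnvd@itsec.gov.cn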

