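CNNVD Alert on Multiple Microsoft Security Vulnerabilities
Microsoft recently published advisories for multiple security vulnerabilities, including a Microsoft Visual Studio code injection vulnerability (CNNVD-202105-625, CVE-2021-27068) and a Microsoft Windows Codecs code injection vulnerability (CNNVD-202105-646, CVE-2021-28465). An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible.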
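I. Vulnerability Overview
On May 12, 2021, Microsoft released its May 2021 security updates, containing patches for 55 vulnerabilities in total, all of which CNNVD has recorded. The update mainly covers the Windows operating system, Exchange Server, .NET, Office, SharePoint, Hyper-V, Visual Studio, and others. CNNVD assessed their severity: 19 are high severity, 34 are medium severity, and 2 are low severity. Multiple Microsoft product and system versions are affected; see https://portal.msrc.microsoft.com/zh-cn/security-guidance for the specific scope of impact.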
II. Vulnerability Details
This update includes patches for 55 vulnerabilities in total: 19 high severity, 34 medium severity, and 2 low severity.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Microsoft Visual Studio Code Injection Vulnerability | CNNVD-202105-625 | CVE-2021-27068 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27068 |
2 | Microsoft Jet Database Engine Code Injection Vulnerability | CNNVD-202105-599 | CVE-2021-28455 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455 |
3 | Microsoft Windows Codecs Code Injection Vulnerability | CNNVD-202105-646 | CVE-2021-28465 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465 |
4 | Microsoft Office SharePoint Code Injection Vulnerability | CNNVD-202105-556 | CVE-2021-28474 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474 |
5 | Microsoft Hyper-V Code Injection Vulnerability | CNNVD-202105-586 | CVE-2021-28476 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476 |
6 | Microsoft HTTP.sys Code Injection Vulnerability | CNNVD-202105-588 | CVE-2021-31166 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166 |
7 | Microsoft Office Excel Code Injection Vulnerability | CNNVD-202105-596 | CVE-2021-31175 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175 |
8 | Microsoft Office Code Injection Vulnerability | CNNVD-202105-595 | CVE-2021-31176 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176 |
9 | Microsoft Office Excel Code Injection Vulnerability | CNNVD-202105-594 | CVE-2021-31177 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177 |
10 | Microsoft Office Excel Code Injection Vulnerability | CNNVD-202105-593 | CVE-2021-31179 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179 |
11 | Microsoft Office Word Code Injection Vulnerability | CNNVD-202105-592 | CVE-2021-31180 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180 |
12 | Microsoft SharePoint Code Injection Vulnerability | CNNVD-202105-549 | CVE-2021-31181 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181 |
13 | Microsoft Windows Codecs Code Injection Vulnerability | CNNVD-202105-570 | CVE-2021-31192 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31192 |
14 | Microsoft OLE Automation Remote code Code Injection Vulnerability | CNNVD-202105-569 | CVE-2021-31194 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194 |
15 | Microsoft Exchange Server Code Injection Vulnerability | CNNVD-202105-551 | CVE-2021-31195 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195 |
16 | Microsoft Exchange Server Code Injection Vulnerability | CNNVD-202105-547 | CVE-2021-31198 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198 |
17 | Microsoft Visual Studio Code Code Injection Vulnerability | CNNVD-202105-700 | CVE-2021-31211 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211 |
18 | Microsoft Visual Studio Code Code Injection Vulnerability | CNNVD-202105-677 | CVE-2021-31213 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31213 |
19 | Microsoft Visual Studio Code Code Injection Vulnerability | CNNVD-202105-696 | CVE-2021-31214 | High | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31214 |
20 | Microsoft Windows Wireless Networking Information Disclosure Vulnerability | CNNVD-202105-632 | CVE-2020-24587 | Medium | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html |
21 | Microsoft Windows Wireless Networking Security Vulnerability | CNNVD-202105-633 | CVE-2020-24588 | Medium | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html |
22 | Microsoft Windows Wireless Networking Security Vulnerability | CNNVD-202105-635 | CVE-2020-26144 | Medium | https://www.wi-fi.org/security-update-fragmentation |
23 | Microsoft Office SharePoint Security Vulnerability | CNNVD-202105-557 | CVE-2021-26418 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418 |
24 | Microsoft Internet Explorer Buffer Error Vulnerability | CNNVD-202105-587 | CVE-2021-26419 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419 |
25 | Microsoft Skype for Business Server Security Vulnerability | CNNVD-202105-623 | CVE-2021-26421 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26421 |
26 | Microsoft Skype for Business Server Code Injection Vulnerability | CNNVD-202105-619 | CVE-2021-26422 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26422 |
27 | Microsoft Dynamics Finance & Operations Cross-Site Scripting Vulnerability | CNNVD-202105-638 | CVE-2021-28461 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28461 |
28 | Microsoft SharePoint Security Vulnerability | CNNVD-202105-555 | CVE-2021-28478 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478 |
29 | Microsoft Windows CSC Service Information Disclosure Vulnerability | CNNVD-202105-589 | CVE-2021-28479 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28479 |
30 | Microsoft Windows Container Manager Service Permissions and Access Control Issues Vulnerability | CNNVD-202105-584 | CVE-2021-31165 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31165 |
31 | Microsoft Windows Container Manager Service Permissions and Access Control Issues Vulnerability | CNNVD-202105-585 | CVE-2021-31167 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31167 |
32 | Microsoft Windows Container Manager Service Permissions and Access Control Issues Vulnerability | CNNVD-202105-583 | CVE-2021-31168 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31168 |
33 | Microsoft Windows Container Manager Service Permissions and Access Control Issues Vulnerability | CNNVD-202105-582 | CVE-2021-31169 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31169 |
34 | Microsoft Graphics Components Permissions and Access Control Issues Vulnerability | CNNVD-202105-581 | CVE-2021-31170 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170 |
35 | Microsoft SharePoint Security Vulnerability | CNNVD-202105-553 | CVE-2021-31172 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172 |
36 | Microsoft SharePoint Information Disclosure Vulnerability | CNNVD-202105-552 | CVE-2021-31173 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173 |
37 | Microsoft Excel Information Disclosure Vulnerability | CNNVD-202105-600 | CVE-2021-31174 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31174 |
38 | Microsoft Office Excel Information Disclosure Vulnerability | CNNVD-202105-591 | CVE-2021-31178 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178 |
39 | Microsoft Bluetooth Driver Security Vulnerability | CNNVD-202105-580 | CVE-2021-31182 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31182 |
40 | Microsoft Windows IrDA Buffer Error Vulnerability | CNNVD-202105-579 | CVE-2021-31184 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31184 |
41 | Microsoft Windows Desktop Bridge Input Validation Error Vulnerability | CNNVD-202105-578 | CVE-2021-31185 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31185 |
42 | Microsoft Remote Desktop Protocol Information Disclosure Vulnerability | CNNVD-202105-577 | CVE-2021-31186 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31186 |
43 | Microsoft Windows WalletService Permissions and Access Control Issues Vulnerability | CNNVD-202105-576 | CVE-2021-31187 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187 |
44 | Microsoft Graphics Components Permissions and Access Control Issues Vulnerability | CNNVD-202105-574 | CVE-2021-31188 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188 |
45 | Microsoft Windows Container Isolation FS Filter Driver Permissions and Access Control Issues Vulnerability | CNNVD-202105-573 | CVE-2021-31190 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31190 |
46 | Microsoft Projected File System Buffer Error Vulnerability | CNNVD-202105-572 | CVE-2021-31191 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31191 |
47 | Microsoft Windows SSDP Service Permissions and Access Control Issues Vulnerability | CNNVD-202105-568 | CVE-2021-31193 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31193 |
48 | Microsoft Common Utilities Code Injection Vulnerability | CNNVD-202105-645 | CVE-2021-31200 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200 |
49 | Microsoft Visual Studio Permissions and Access Control Issues Vulnerability | CNNVD-202105-624 | CVE-2021-31204 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204 |
50 | Microsoft Exchange Server Security Features Issue Vulnerability | CNNVD-202105-543 | CVE-2021-31207 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207 |
51 | Microsoft Windows Container Manager Service Permissions and Access Control Issues Vulnerability | CNNVD-202105-566 | CVE-2021-31208 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31208 |
52 | Microsoft Exchange Server Security Vulnerability | CNNVD-202105-544 | CVE-2021-31209 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209 |
53 | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | CNNVD-202105-644 | CVE-2021-31936 | Medium | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31936 |
54 | Microsoft SharePoint Information Disclosure Vulnerability | CNNVD-202105-554 | CVE-2021-31171 | Low | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171 |
55 | Microsoft Windows SMB Client Security Features Issue Vulnerability | CNNVD-202105-567 | CVE-2021-31205 | Low | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31205 |
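III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and to apply the fixes as soon as possible. Microsoft's official patch download address: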
https://msrc.microsoft.com/update-guide/en-us
CNNVD will continue to track these vulnerabilities and publish relevant information in a timely manner. If needed, contact CNNVD. Contact: cnnvd@itsec.gov.cn