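CNNVD Bulletin on Multiple Microsoft Security Vulnerabilities
Recently, Microsoft published advisories for multiple security vulnerabilities, comprising 66 vulnerabilities in Microsoft's own products and 2 vulnerabilities from other vendors that affect Microsoft products. These include the Microsoft Visual Studio security vulnerability (CNNVD-202405-1901, CVE-2024-32002) and the Microsoft Windows Task Scheduler link following vulnerability (CNNVD-202405-1984, CVE-2024-26238), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for the vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.
I. Vulnerability Overview
On May 14, 2024, Microsoft released its May 2024 security updates, with patches for 68 vulnerabilities in total, all of which CNNVD has catalogued. This update mainly covers Microsoft Windows and Windows components, Microsoft SharePoint, Microsoft Visual Studio, .NET and Visual Studio, Microsoft Windows Remote Access Connection Manager, Microsoft Win32k, and others. CNNVD has rated their severity: 1 critical, 35 high, and 32 medium. Multiple Microsoft products and system versions are affected; the specific scope of impact can be looked up on Microsoft's official website: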
https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Vulnerability Details
This update includes patches for 61 newly added vulnerabilities: 1 critical, 34 high, and 26 medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Microsoft Visual Studio Security Vulnerability | CNNVD-202405-1901 | CVE-2024-32002 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32002 |
| 2 | Microsoft Windows Task Scheduler Link Following Vulnerability | CNNVD-202405-1984 | CVE-2024-26238 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26238 |
| 3 | Microsoft Windows SCSI Class System File Buffer Error Vulnerability | CNNVD-202405-1981 | CVE-2024-29994 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29994 |
| 4 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202405-1980 | CVE-2024-29996 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29996 |
| 5 | Microsoft OLE DB Provider for SQL Server Resource Management Error Vulnerability | CNNVD-202405-1970 | CVE-2024-30006 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006 |
| 6 | Microsoft Brokering File System Security Vulnerability | CNNVD-202405-1969 | CVE-2024-30007 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30007 |
| 7 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1967 | CVE-2024-30009 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009 |
| 8 | Microsoft Windows Hyper-V Security Vulnerability | CNNVD-202405-1966 | CVE-2024-30010 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30010 |
| 9 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1963 | CVE-2024-30014 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30014 |
| 10 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1962 | CVE-2024-30015 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30015 |
| 11 | Microsoft Windows Hyper-V Security Vulnerability | CNNVD-202405-1961 | CVE-2024-30017 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30017 |
| 12 | Microsoft Windows Kernel Link Following Vulnerability | CNNVD-202405-1958 | CVE-2024-30018 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30018 |
| 13 | Microsoft Windows Cryptographic Services Security Vulnerability | CNNVD-202405-1959 | CVE-2024-30020 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30020 |
| 14 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1955 | CVE-2024-30022 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30022 |
| 15 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1954 | CVE-2024-30023 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30023 |
| 16 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1953 | CVE-2024-30024 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024 |
| 17 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202405-1951 | CVE-2024-30025 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30025 |
| 18 | Microsoft Windows NTFS Resource Management Error Vulnerability | CNNVD-202405-1952 | CVE-2024-30027 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30027 |
| 19 | Microsoft Win32k Resource Management Error Vulnerability | CNNVD-202405-1950 | CVE-2024-30028 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30028 |
| 20 | Microsoft Windows Routing and Remote Access Service Security Vulnerability | CNNVD-202405-1949 | CVE-2024-30029 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029 |
| 21 | Microsoft Win32k Code Issue Vulnerability | CNNVD-202405-1948 | CVE-2024-30030 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30030 |
| 22 | Microsoft Windows CNG Key Isolation Service Resource Management Error Vulnerability | CNNVD-202405-1947 | CVE-2024-30031 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30031 |
| 23 | Microsoft Windows DWM Core Library Resource Management Error Vulnerability | CNNVD-202405-1946 | CVE-2024-30032 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30032 |
| 24 | Microsoft Windows Search Component Link Following Vulnerability | CNNVD-202405-1945 | CVE-2024-30033 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 |
| 25 | Microsoft Windows DWM Core Library Resource Management Error Vulnerability | CNNVD-202405-1942 | CVE-2024-30035 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30035 |
| 26 | Microsoft Windows Common Log File System Driver Buffer Error Vulnerability | CNNVD-202405-1940 | CVE-2024-30037 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037 |
| 27 | Microsoft Win32K Security Vulnerability | CNNVD-202405-1941 | CVE-2024-30038 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30038 |
| 28 | Microsoft Windows MSHTML Platform Input Validation Error Vulnerability | CNNVD-202405-1938 | CVE-2024-30040 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040 |
| 29 | Microsoft Excel Code Issue Vulnerability | CNNVD-202405-1936 | CVE-2024-30042 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30042 |
| 30 | Microsoft SharePoint Code Issue Vulnerability | CNNVD-202405-1933 | CVE-2024-30044 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 |
| 31 | Microsoft Dynamics 365 Customer Insights Cross-Site Scripting Vulnerability | CNNVD-202405-1930 | CVE-2024-30047 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30047 |
| 32 | Microsoft Dynamics 365 Customer Insights Cross-Site Scripting Vulnerability | CNNVD-202405-1929 | CVE-2024-30048 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30048 |
| 33 | Microsoft Win32K Resource Management Error Vulnerability | CNNVD-202405-1928 | CVE-2024-30049 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049 |
| 34 | Microsoft Windows DWM Core Library Security Vulnerability | CNNVD-202405-2412 | CVE-2024-30051 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051 |
| 35 | Microsoft Visual Studio Security Vulnerability | CNNVD-202405-1905 | CVE-2024-32004 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32004 |
| 36 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1979 | CVE-2024-29997 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29997 |
| 37 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1978 | CVE-2024-29998 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998 |
| 38 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1977 | CVE-2024-29999 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29999 |
| 39 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1976 | CVE-2024-30000 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000 |
| 40 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1975 | CVE-2024-30001 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30001 |
| 41 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1974 | CVE-2024-30002 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30002 |
| 42 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1973 | CVE-2024-30003 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30003 |
| 43 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1972 | CVE-2024-30004 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30004 |
| 44 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1971 | CVE-2024-30005 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30005 |
| 45 | Microsoft Windows DWM Core Library Numeric Error Vulnerability | CNNVD-202405-1968 | CVE-2024-30008 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008 |
| 46 | Microsoft Windows Hyper-V Numeric Error Vulnerability | CNNVD-202405-1965 | CVE-2024-30011 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30011 |
| 47 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1964 | CVE-2024-30012 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30012 |
| 48 | Microsoft Windows Cryptographic Services Buffer Error Vulnerability | CNNVD-202405-1960 | CVE-2024-30016 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30016 |
| 49 | Microsoft Windows Resource Management Error Vulnerability | CNNVD-202405-1957 | CVE-2024-30019 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30019 |
| 50 | Microsoft Windows Mobile Broadband Input Validation Error Vulnerability | CNNVD-202405-1956 | CVE-2024-30021 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30021 |
| 51 | Microsoft Windows Cloud Files Mini Filter Driver Security Vulnerability | CNNVD-202405-1944 | CVE-2024-30034 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034 |
| 52 | Microsoft Windows Deployment Services Security Vulnerability | CNNVD-202405-1943 | CVE-2024-30036 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30036 |
| 53 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202405-1939 | CVE-2024-30039 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039 |
| 54 | Microsoft Bing Security Vulnerability | CNNVD-202405-1937 | CVE-2024-30041 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30041 |
| 55 | Microsoft SharePoint Code Issue Vulnerability | CNNVD-202405-1934 | CVE-2024-30043 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043 |
| 56 | .NET and Visual Studio Security Vulnerability | CNNVD-202405-1932 | CVE-2024-30045 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045 |
| 57 | Microsoft Visual Studio Race Condition Vulnerability | CNNVD-202405-1931 | CVE-2024-30046 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 |
| 58 | Microsoft Windows Security Vulnerability | CNNVD-202405-1926 | CVE-2024-30050 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30050 |
| 59 | Microsoft Azure Migrate Cross-Site Scripting Vulnerability | CNNVD-202405-2297 | CVE-2024-30053 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30053 |
| 60 | Microsoft Power BI Input Validation Error Vulnerability | CNNVD-202405-2120 | CVE-2024-30054 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30054 |
| 61 | Microsoft Intune Access Control Error Vulnerability | CNNVD-202405-1935 | CVE-2024-30059 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30059 |
This update includes patches for 5 updated vulnerabilities: 1 high and 4 medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1180 | CVE-2024-26211 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211 |
| 2 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1184 | CVE-2024-26207 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26207 |
| 3 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1179 | CVE-2024-26217 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26217 |
| 4 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1135 | CVE-2024-28900 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28900 |
| 5 | Microsoft Windows Remote Access Connection Manager Security Vulnerability | CNNVD-202404-1133 | CVE-2024-28902 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28902 |
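This update includes patches for 2 vulnerabilities from other vendors that affect Microsoft products, of which 2 are medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
|---|---|---|---|---|---|---|
| 1 | Lenovo PC Security Vulnerability | CNNVD-202404-1383 | CVE-2024-23593 | Medium | Lenovo | https://support.lenovo.com/us/en/product_security/LEN-132277 |
| 2 | Google Chrome Security Vulnerability | CNNVD-202405-1870 | CVE-2024-4761 | Medium | Google | https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html |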
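III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities above. Users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.
Microsoft official patch download address: https://msrc.microsoft.com/update-guide/en-us
CNNVD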