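Microsoft April Patch Tuesday Security Advisory

[Published: 2023-05-11]

H3C Dunshan Lab

2023/04/12

1. Vulnerability Overview

1.1 Background

In April 2023, H3C Dunshan Lab observed that Microsoft had released its April security updates. This release contains patches for 97 vulnerabilities and mainly fixes vulnerabilities in products such as Windows Server 2022 and Visual Studio Code. Of the vulnerabilities patched in this update, 7 are rated Critical by Microsoft, and the Windows Common Log File System driver elevation of privilege vulnerability (CVE-2023-28252) has been found to be exploited in the wild. Because the impact is broad, H3C Dunshan Lab recommends that users promptly carry out asset self-checks and preventive work to avoid being attacked.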

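1.2 Key Vulnerabilities

CVE-2023-21554 Microsoft Message Queuing Remote Code Execution Vulnerability

This vulnerability exists because Microsoft Message Queuing does not filter user-supplied data. When the Windows Message Queuing service (a Windows component) is enabled, an attacker can construct and send malicious MSMQ packets. Successful exploitation allows arbitrary code execution on the target server and gives the attacker control of it.

Severity: Critical  Score: 9.8

CVE-2023-28250 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

This vulnerability exists because Windows Pragmatic General Multicast (PGM) does not filter user-supplied data. When the Windows Message Queuing service is enabled, an attacker can send a specially crafted file. Successful exploitation allows arbitrary code execution on the target server.

Severity: Critical  Score: 9.8

CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability

An out-of-bounds write vulnerability exists in the Windows CLFS driver. An attacker with low privileges can trigger it by manipulating a base log file (.blf file extension). Successful exploitation elevates an ordinary user to SYSTEM privileges.

Severity: High  Score: 8.1

CVE-2023-28232 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

This vulnerability exists because the Windows Point-to-Point Tunneling Protocol does not filter user-supplied data. An attacker can send specially constructed data to the application. Successful exploitation allows arbitrary code execution on the target system.

Severity: High  Score: 7.5

CVE-2023-28219/CVE-2023-28220 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

A race condition exists in the Windows Layer 2 Tunneling Protocol. An unauthenticated attacker can send a special request to a RAS server. Successful exploitation allows arbitrary code execution on the target system.

Severity: High  Score: 8.1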

2. Affected Scope

CVE IDs: CVE-2023-21554, CVE-2023-28219, CVE-2023-28220, CVE-2023-28232, CVE-2023-28250, CVE-2023-28252, CVE-2023-28285

Affected products:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE ID: CVE-2023-28231

Affected products:

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

CVE ID: CVE-2023-28291

Affected products:

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

CVE ID: CVE-2023-28311

Affected products:

Microsoft Office LTSC for Mac 2021

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Office 2019 for Mac

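3. Remediation

3.1 Official Patches

Microsoft has released patches for these vulnerabilities. Users are advised to install them as soon as possible via the following link: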

https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr
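
The asset self-check recommended in section 1.1 can start from the services the descriptions in section 1.2 depend on. The PowerShell below is an added example, not part of the original advisory. It assumes the service names MSMQ (Message Queuing) and RemoteAccess (Routing and Remote Access, assumed here to host the PPTP and L2TP servers), assumes TCP 1801 as the MSMQ listener port, and needs Windows 8 / Windows Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added example, not from the advisory. Run in an elevated PowerShell session.
# Assumptions: service names MSMQ and RemoteAccess, MSMQ listener on TCP 1801.
function Get-AprilAdvisoryExposure {
    [CmdletBinding()]
    param()

    $targets = @(
        @{ Cves = 'CVE-2023-21554, CVE-2023-28250'
           Service = 'MSMQ'; Port = 1801 },
        @{ Cves = 'CVE-2023-28232, CVE-2023-28219, CVE-2023-28220'
           Service = 'RemoteAccess'; Port = $null }
    )

    foreach ($t in $targets) {
        # A missing service returns nothing instead of raising an error.
        $svc = Get-Service -Name $t.Service -ErrorAction SilentlyContinue

        $listening = $null   # stays $null when no port check applies
        if ($t.Port) {
            $conn = Get-NetTCPConnection -LocalPort $t.Port -State Listen `
                        -ErrorAction SilentlyContinue
            $listening = [bool]$conn
        }

        [pscustomobject]@{
            Cves          = $t.Cves
            Service       = $t.Service
            Installed     = [bool]$svc
            Status        = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
            StartType     = if ($svc) { [string]$svc.StartType } else { $null }
            PortListening = $listening
            # Review any host where the component exists and is not disabled.
            NeedsReview   = [bool]$svc -and ($svc.StartType -ne 'Disabled')
        }
    }
}

function Get-LatestHotFixDate {
    # Newest recorded update, to compare against the April 2023 release.
    Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -Property HotFixID, InstalledOn
}

Get-AprilAdvisoryExposure | Format-Table -AutoSize
Get-LatestHotFixDate
```

A host that reports NeedsReview as True and whose newest update predates the April 2023 release is a candidate for priority patching or for disabling the unused service.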
