- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
新华三盾山实验室
2023/07/12
2023年7月,新华三盾山实验室监测发现Microsoft官方发布了7月安全更新,共发布130个漏洞的补丁信息,主要修复了Windows Visual Studio、Microsoft Office、Windows SharePoint Server 等产品中的漏洞。在此次更新的补丁中,有9个漏洞被微软标记为严重漏洞,由于影响较大,新华三盾山实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。
Windows Netlogon中存在信息泄露漏洞,恶意攻击者利用该漏洞可以截获客户端与服务器之间的通信,从而导致敏感信息泄露。
严重等级:高危 评分:7.4
Windows MSHTML Platform中存在特权提升漏洞,恶意攻击者要利用此漏洞,需要诱导受害者打开经过特殊设计的文件,从而获取当前用户权限。
严重等级:高危 评分:7.8
Windows SmartScreen中存在安全特性绕过漏洞,恶意攻击者可以诱导用户点击特制URL,绕过“安全警告”提示从而在系统上执行任意代码,危害用户系统。
严重等级:严重 评分:8.8
Windows Message Queuing中存在远程代码执行漏洞,恶意攻击者可以通过发送恶意 MSMQ 数据包至 MSMQ 服务器,从而导致在服务器端执行远程代码。
严重等级:严重 评分:9.8
Microsoft SharePoint Server 中存在远程代码执行漏洞,经过身份验证的恶意攻击者,可利用管理权限在SharePoint服务器上远程执行恶意代码。
严重等级:严重 评分:8.8
Microsoft Outlook存在远程代码执行漏洞,恶意攻击者可以诱导受害者打开经过特殊设计的恶意文件,从而触发该漏洞,实现远程代码执行。
严重等级:中危 评分:6.8
Microsoft SharePoint存在远程代码执行漏洞,经过身份验证的恶意攻击者可以获取创建站点的访问权限,并且可以在 SharePoint Server 中远程执行代码,此漏洞还可能导致目标环境停机。
严重等级:严重 评分:8.8
Microsoft SharePoint Server存在远程代码执行漏洞,恶意攻击者可以利用该漏洞在SharePoint 服务器上远程执行代码,此漏洞还可能导致目标环境停机。
严重等级:严重 评分:8.8
Windows Pragmatic General Multicast (PGM)存在远程代码执行漏洞,恶意攻击者可以发送特定数据包到服务器触发漏洞,从而在目标系统上执行代码。
严重等级:高危 评分:7.5
Microsoft Outlook存在安全特性绕过漏洞,恶意攻击者可以通过诱骗受害者点击特制的URL,绕过 Microsoft Outlook 安全通知提示并在系统上执行任意代码。
严重等级:严重 评分:8.8
Microsoft VOLSNAP.SYS存在特权提升漏洞,恶意攻击者成功利用此漏洞可以将自身权限提升至管理员特权。
严重等级:高危 评分:7.3
Windows Layer-2 Bridge Network Driver存在代码执行漏洞,未经身份验证的攻击者可以通过向配置为第 2 层桥接的 Windows Server 发送特制请求来利用此漏洞执行任意代码。
严重等级:严重 评分:8.8
Windows Remote Desktop存在安全特性绕过漏洞,成功利用此漏洞的攻击者可以在建立远程桌面协议会话时绕过证书或私钥身份验证。
严重等级:高危 评分:7.5
Windows Routing and Remote Access Service (RRAS)存在多个代码执行漏洞,恶意攻击者通过将构建的数据包发送到受影响的路由或服务器,从而执行远程代码。
严重等级:严重 评分:9.8
Azure Active Directory存在安全特性绕过漏洞,通过利用此漏洞,恶意攻击者可以绕过系统安全限制。
严重等级:中危 评分:6.5
Windows Error Reporting Service存在权限提升漏洞,具有对目标机器的本地访问权限的攻击者,可利用此漏洞提升至管理员权限。
严重等级:高危 评分:7.8
Office and Windows HTML存在远程执行代码漏洞,恶意攻击者可以诱导受害者打开特制的Microsoft Office 文档,从而可以在受害者的系统中执行远程代码。
严重等级:高危 评分:8.3
CVE编号 | 受影响产品 |
CVE-2023-21526 CVE-2023-32046 CVE-2023-32057 CVE-2023-35297 CVE-2023-35365 CVE-2023-35366 CVE-2023-35367 CVE-2023-36874 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems |
CVE-2023-32049 | Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-33134 CVE-2023-33157 CVE-2023-33160 | Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
CVE-2023-33153 | Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 (32-bit edition) Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions |
CVE-2023-35311 | Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 (64-bit editions) Microsoft Outlook 2013 (32-bit editions) Microsoft Outlook 2016 (64-bit edition) Microsoft Office 2019 for 64-bit editions Microsoft Outlook 2016 (32-bit edition) Microsoft Office 2019 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office LTSC 2021 for 32-bit editions Microsoft 365 Apps for Enterprise for 32-bit Systems |
CVE-2023-35312 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems |
CVE-2023-35315 | Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-35352 | Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 |
CVE-2023-36871 | Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-36884 | Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2016 (64-bit edition) Microsoft Word 2016 (32-bit edition) Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft Office 2019 for 64-bit editions Microsoft Office 2019 for 32-bit editions Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul
产品与解决方案
售前咨询
售后咨询
人工在线咨询
