- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
BOB登陆
攻防實驗室
2023/02/15
2023年2月15日,BOB登陆 攻防實驗室威脅預警團隊監測發現Microsoft官方發布了2月安全更新,此次安全更新共發布了76個漏洞的補丁,主要修複了Microsoft Office、Microsoft Exchange Server、Windows Common Log File System Driver、Windows Active Directory、Windows HTTP.sys等產品中的漏洞。在此次更新的補丁中,有9個漏洞被微軟標記為嚴重漏洞,且部分漏洞已被發現在野利用。由於影響較大,BOB登陆 攻防實驗室建議廣大用戶及時做好資產自查以及預防工作,以免遭受黑客攻擊。
Microsoft Exchange Server存在多個遠程代碼執行漏洞(CVE-2023-21707、CVE-2023-21706、CVE-2023-21529)。經過身份驗證的遠程攻擊者成功利用這些漏洞可在目標服務器上執行任意代碼。微軟將這些漏洞標記為“Exploitation More Likely。
Windows Common Log File System Driver存在權限提升漏洞,經過身份驗證的惡意攻擊者可通過執行特製程序,成功利用此漏洞可獲取SYSTEM權限。
Microsoft Publisher存在安全特性繞過漏洞,惡意攻擊者通過誘導用戶從網站下載並打開特製文件,成功利用此漏洞可以繞過用於阻止不受信任或惡意文件的Office宏策略。
Windows Graphics Component存在權限提升漏洞,經過身份驗證的惡意攻擊者利用此漏洞可獲取SYSTEM權限。
Microsoft Word存在遠程代碼執行漏洞,未經身份驗證的惡意攻擊者通過發送帶有富文本格式 (RTF) 負載的電子郵件並誘導用戶打開,成功利用此漏洞可在目標係統上以受害者用戶權限執行任意代碼。
CVE編號 | 受影響產品 |
CVE-2023-21706 CVE-2023-21707 CVE-2023-21529 | Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 |
CVE-2023-23376 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-21715 | Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems |
CVE-2023-21716 | Windows Server 2012 R2 (Server Core installation) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2019 for Mac Microsoft Office Online Server SharePoint Server Subscription Edition Language Pack Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC for Mac 2021 |
CVE-2023-21823 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Microsoft Office for iOS Microsoft Office for Universal Microsoft Office for Android |
目前,微軟官方已經發布針對此漏洞的補丁程序,建議用戶通過以下鏈接盡快安裝補丁程序:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
產品與解決方案
