点击上方蓝字关注我们
1月9日是微软的2023 年 1 月补丁星期二,随之而来的是对一个积极利用的0day漏洞和总共 98 个漏洞的修复,其中 11 个被归类为“严重”漏洞。
值得重点关注的漏洞
本月的星期二补丁程序修复了一个0day漏洞,一个被积极利用,另一个被公开披露。
0day漏洞-CVE-2023-21674
微软表示这是一个沙盒逃逸漏洞,可以导致权限提升。
“成功利用此漏洞的攻击者可以获得 SYSTEM 权限,”微软的公告解释道。
目前尚不清楚威胁者如何在攻击中利用此漏洞,BleepingComputer 已联系 Avast 征求意见。
0day漏洞-CVE-2023-21549
2023年1月的周二补丁安全更新
标签 | CVE编号 | 漏洞名称 | 危害等级 |
.NET Core | CVE-2023-21538 | .NET Denial of Service Vulnerability | 重要的 |
3D Builder | CVE-2023-21782 | 3D Builder Remote Code Execution Vulnerabiity | 重要的 |
3D Builder | CVE-2023-21781 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21783 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21784 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21791 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21793 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21786 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21790 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21780 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21792 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21789 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21785 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21787 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
3D Builder | CVE-2023-21788 | 3D Builder Remote Code Execution Vulnerability | 重要的 |
Azure Service Fabric Container | CVE-2023-21531 | Azure Service Fabric Container Elevation of Privilege Vulnerability | 重要的 |
Microsoft Bluetooth Driver | CVE-2023-21739 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | 重要的 |
Microsoft Exchange Server | CVE-2023-21764 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 重要的 |
Microsoft Exchange Server | CVE-2023-21763 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 重要的 |
Microsoft Exchange Server | CVE-2023-21762 | Microsoft Exchange Server Spoofing Vulnerability | 重要的 |
Microsoft Exchange Server | CVE-2023-21761 | Microsoft Exchange Server Information Disclosure Vulnerability | 重要的 |
Microsoft Exchange Server | CVE-2023-21745 | Microsoft Exchange Server Spoofing Vulnerability | 重要的 |
Microsoft Graphics Component | CVE-2023-21680 | Windows Win32k Elevation of Privilege Vulnerability | 重要的 |
Microsoft Graphics Component | CVE-2023-21532 | Windows GDI Elevation of Privilege Vulnerability | 重要的 |
Microsoft Graphics Component | CVE-2023-21552 | Windows GDI Elevation of Privilege Vulnerability | 重要的 |
Microsoft Local Security Authority Server (lsasrv) | CVE-2023-21728 | Windows Netlogon Denial of Service Vulnerability | 重要的 |
Microsoft Message Queuing | CVE-2023-21537 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability | 重要的 |
Microsoft Office | CVE-2023-21734 | Microsoft Office Remote Code Execution Vulnerability | 重要的 |
Microsoft Office | CVE-2023-21735 | Microsoft Office Remote Code Execution Vulnerability | 重要的 |
Microsoft Office SharePoint | CVE-2023-21742 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 重要的 |
Microsoft Office SharePoint | CVE-2023-21743 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | 严重的 |
Microsoft Office SharePoint | CVE-2023-21744 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 重要的 |
Microsoft Office Visio | CVE-2023-21741 | Microsoft Office Visio Information Disclosure Vulnerability | 重要的 |
Microsoft Office Visio | CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability | 重要的 |
Microsoft Office Visio | CVE-2023-21737 | Microsoft Office Visio Remote Code Execution Vulnerability | 重要的 |
Microsoft Office Visio | CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | 重要的 |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-21681 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 重要的 |
Visual Studio Code | CVE-2023-21779 | Visual Studio Code Remote Code Execution | 重要的 |
Windows ALPC | CVE-2023-21674 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 重要的 |
Windows Ancillary Function Driver for WinSock | CVE-2023-21768 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 重要的 |
Windows Authentication Methods | CVE-2023-21539 | Windows Authentication Remote Code Execution Vulnerability | 重要的 |
Windows Backup Engine | CVE-2023-21752 | Windows Backup Service Elevation of Privilege Vulnerability | 重要的 |
Windows Bind Filter Driver | CVE-2023-21733 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | 重要的 |
Windows BitLocker | CVE-2023-21563 | BitLocker Security Feature Bypass Vulnerability | 重要的 |
Windows Boot Manager | CVE-2023-21560 | Windows Boot Manager Security Feature Bypass Vulnerability | 重要的 |
Windows Credential Manager | CVE-2023-21726 | Windows Credential Manager User Interface Elevation of Privilege Vulnerability | 重要的 |
Windows Cryptographic Services | CVE-2023-21559 | Windows Cryptographic Information Disclosure Vulnerability | 重要的 |
Windows Cryptographic Services | CVE-2023-21551 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 严重的 |
Windows Cryptographic Services | CVE-2023-21561 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 严重的 |
Windows Cryptographic Services | CVE-2023-21540 | Windows Cryptographic Information Disclosure Vulnerability | 重要的 |
Windows Cryptographic Services | CVE-2023-21730 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | 严重的 |
Windows Cryptographic Services | CVE-2023-21550 | Windows Cryptographic Information Disclosure Vulnerability | 重要的 |
Windows DWM Core Library | CVE-2023-21724 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | 重要的 |
Windows Error Reporting | CVE-2023-21558 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 重要的 |
Windows Event Tracing | CVE-2023-21536 | Event Tracing for Windows Information Disclosure Vulnerability | 重要的 |
Windows IKE Extension | CVE-2023-21758 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 重要的 |
Windows IKE Extension | CVE-2023-21683 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 重要的 |
Windows IKE Extension | CVE-2023-21677 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | 重要的 |
Windows Installer | CVE-2023-21542 | Windows Installer Elevation of Privilege Vulnerability | 重要的 |
Windows Internet Key Exchange (IKE) Protocol | CVE-2023-21547 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | 重要的 |
Windows iSCSI | CVE-2023-21527 | Windows iSCSI Service Denial of Service Vulnerability | 重要的 |
Windows Kernel | CVE-2023-21755 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Kernel | CVE-2023-21753 | Event Tracing for Windows Information Disclosure Vulnerability | 重要的 |
Windows Layer 2 Tunneling Protocol | CVE-2023-21556 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 严重的 |
Windows Layer 2 Tunneling Protocol | CVE-2023-21555 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 严重的 |
Windows Layer 2 Tunneling Protocol | CVE-2023-21543 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 严重的 |
Windows Layer 2 Tunneling Protocol | CVE-2023-21546 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 严重的 |
Windows Layer 2 Tunneling Protocol | CVE-2023-21679 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 严重的 |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-21676 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 重要的 |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-21557 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 重要的 |
Windows Local Security Authority (LSA) | CVE-2023-21524 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 重要的 |
Windows Local Session Manager (LSM) | CVE-2023-21771 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | 重要的 |
Windows Malicious Software Removal Tool | CVE-2023-21725 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | 重要的 |
Windows Management Instrumentation | CVE-2023-21754 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows NTLM | CVE-2023-21746 | Windows NTLM Elevation of Privilege Vulnerability | 重要的 |
Windows ODBC Driver | CVE-2023-21732 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 重要的 |
Windows Overlay Filter | CVE-2023-21766 | Windows Overlay Filter Information Disclosure Vulnerability | 重要的 |
Windows Overlay Filter | CVE-2023-21767 | Windows Overlay Filter Elevation of Privilege Vulnerability | 重要的 |
Windows Point-to-Point Tunneling Protocol | CVE-2023-21682 | Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability | 重要的 |
Windows Print Spooler Components | CVE-2023-21760 | Windows Print Spooler Elevation of Privilege Vulnerability | 重要的 |
Windows Print Spooler Components | CVE-2023-21765 | Windows Print Spooler Elevation of Privilege Vulnerability | 重要的 |
Windows Print Spooler Components | CVE-2023-21678 | Windows Print Spooler Elevation of Privilege Vulnerability | 重要的 |
Windows Remote Access Service L2TP Driver | CVE-2023-21757 | Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability | 重要的 |
Windows RPC API | CVE-2023-21525 | Remote Procedure Call Runtime Denial of Service Vulnerability | 重要的 |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21548 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 严重的 |
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-21535 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 严重的 |
Windows Smart Card | CVE-2023-21759 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | 重要的 |
Windows Task Scheduler | CVE-2023-21541 | Windows Task Scheduler Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21772 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21748 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21773 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21747 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21776 | Windows Kernel Information Disclosure Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21774 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21750 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21675 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Virtual Registry Provider | CVE-2023-21749 | Windows Kernel Elevation of Privilege Vulnerability | 重要的 |
Windows Workstation Service | CVE-2023-21549 | Windows SMB Witness Service Elevation of Privilege Vulnerability | 重要的 |
来源:bleepingcomputer
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...