正文

【风险通告】微软1月安全更新补丁和多个高危漏洞风险提示高危漏洞风险提示

admin
admin V管理员 /0 评论 /180 阅读
0111
此篇文章发布距今已超过317天,您需要注意文章的内容或图片是否可用!

漏洞公告

微软官方发布了1月安全更新公告,包含了Microsoft Common Log File System Driver、Win32k、Windows Kernel、Remote Desktop Client和Windows Cloud Files Mini Filter Driver等微软家族多个软件的安全更新补丁。请相关用户及时更新对应补丁修复漏洞。

根据公告,此次更新中修复的Microsoft通用日志文件系统权限提升漏洞(CVE-2024-20653)、Win32k特权提升漏洞(CVE-2024-20683)、Windows 内核权限提升漏洞(CVE-2024-20698)、远程桌面客户端远程代码执行漏洞 (CVE-2024-21307)、Windows Cloud Files Mini Filter驱动程序特权提升漏洞(CVE-2024-21310)风险较大。建议尽快安装安全更新补丁或采取临时缓解措施加固系统。


01

漏洞详情

CVE编号

漏洞名称

危害等级

应急响应等级

CVE-2024-20653

Microsoft通用日志文件系统权限提升漏洞

高危

2级

CVE-2024-20683

Win32k特权提升漏洞

高危

2级

CVE-2024-20698

Windows内核权限提升漏洞

高危

2级

CVE-2024-20307

远程桌面客户端远程代码执行漏洞

高危

2级

CVE-2024-21310

Windows Cloud Files Mini Filter 驱动程序特权提升漏洞

高危

2级

02

重点关注漏洞

1、Microsoft 通用日志文件系统权限提升漏洞 (CVE-2024-20653)

漏洞类型

权限提升

漏洞标签

Microsoft

POC情况

未发现

EXP情况

未发现

在野利用情况

未发现

研究情况

分析中

CVSS3.1 评分

7.8

安恒CERT编号

DM-202311-003627

影响版本

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量

访问途径(AV)

本地

攻击复杂度(AC)


所需权限(PR)


用户交互(UI)

不需要用户交互

影响范围 (S)

不变

机密性影响 (C)


完整性影响 (I)


可用性影响 (A)

2、Win32k 特权提升漏洞 (CVE-2024-20683)

漏洞类型

权限提升

漏洞标签

Microsoft

POC情况

未发现

EXP情况

未发现

在野利用情况

未发现

研究情况

分析中

CVSS3.1 评分

7.8

安恒CERT编号

DM-202311-003657

影响版本

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量

访问途径(AV)

本地

攻击复杂度(AC)


所需权限(PR)


用户交互(UI)

不需要用户交互

影响范围 (S)

不变

机密性影响 (C)


完整性影响 (I)


可用性影响 (A)

3、Windows 内核权限提升漏洞 (CVE-2024-20698)

漏洞类型

权限提升

漏洞标签

Microsoft

POC情况

未发现

EXP情况

未发现

在野利用情况

未发现

研究情况

分析中

CVSS3.1评分

7.8

安恒CERT编号

DM-202311-003672

影响版本

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based SystemsV
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量

访问途径(AV)

本地

攻击复杂度(AC)


所需权限(PR)


用户交互(UI)

不需要用户交互

影响范围 (S)

不变

机密性影响 (C)


完整性影响 (I)


可用性影响 (A)

4、远程桌面客户端远程代码执行漏洞 (CVE-2024-21307)

漏洞类型

远程代码执行

漏洞标签

Microsoft

POC情况

已发现

EXP情况

未发现

在野利用情况

未发现

研究情况

已复现

CVSS3.1评分

7.8

安恒CERT编号

DM-202312-001414

影响版本

Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)

CVSS向量

访问途径(AV)

网络

攻击复杂度(AC)

所需权限(PR)

无需任何权限

用户交互(UI)

需要用户交互

影响范围 (S)

不变

机密性影响 (C)


完整性影响 (I)


可用性影响 (A)

远程桌面客户端远程代码执行漏洞(CVE-2024-21307)由安恒研究院卫兵实验室发现并协助微软修复

5、Windows Cloud Files Mini Filter驱动程序特权提升漏洞 (CVE-2024-21310)

漏洞类型

权限提升

漏洞标签

Microsoft

POC情况

未发现

EXP情况

未发现

在野利用情况

未发现

研究情况

分析中

CVSS3.1评分

7.8

安恒CERT编号

DM-202312-001417

影响版本

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)

CVSS向量

访问途径(AV)

本地

攻击复杂度(AC)


所需权限(PR)


用户交互(UI)

不需要用户交互

影响范围 (S)

不变

机密性影响 (C)


完整性影响 (I)


可用性影响 (A)

03

修复方案

官方修复方案:

目前微软针对支持的产品已发布升级补丁修复了上述漏洞,请用户参考官方通告及时下载更新补丁。补丁获取:https://msrc.microsoft.com/update-guide/vulnerability
Windows 更新:

自动更新:Microsoft Update默认启用,当系统检测到可用更新时,将会自动下载更新并在下一次启动时安装。

手动更新:

1、点击“开始菜单”或按Windows快捷键,点击进入“设置”。

2、选择“更新和安全”,进入“Windows更新”(Windows 8、Windows 8.1、Windows Server 2012以及Windows Server 2012 R2可通过控制面板进入“Windows更新”,具体步骤为“控制面板”->“系统和安全”->“Windows更新”)。3、选择“检查更新”,等待系统将自动检查并下载可用更新。

4、重启计算机,安装更新系统重新启动后,可通过进入“Windows更新”->“查看更新历史记录”查看是否成功安装了更新。

04

参考资料

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jan

https://msrc.microsoft.com/update-guide/vulnerability/

05

技术支持

如有漏洞相关需求支持请联系400-6777-677获取相关能力支撑


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
宙飒zhousa.om