- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
新华三攻防实验室
2023/02/15
2023年2月15日,新华三攻防实验室威胁预警团队监测发现Microsoft官方发布了2月安全更新,此次安全更新共发布了76个漏洞的补丁,主要修复了Microsoft Office、Microsoft Exchange Server、Windows Common Log File System Driver、Windows Active Directory、Windows HTTP.sys等产品中的漏洞。在此次更新的补丁中,有9个漏洞被微软标记为严重漏洞,且部分漏洞已被发现在野利用。由于影响较大,新华三攻防实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。
Microsoft Exchange Server存在多个远程代码执行漏洞(CVE-2023-21707、CVE-2023-21706、CVE-2023-21529)。经过身份验证的远程攻击者成功利用这些漏洞可在目标服务器上执行任意代码。微软将这些漏洞标记为“Exploitation More Likely。
Windows Common Log File System Driver存在权限提升漏洞,经过身份验证的恶意攻击者可通过执行特制程序,成功利用此漏洞可获取SYSTEM权限。
Microsoft Publisher存在安全特性绕过漏洞,恶意攻击者通过诱导用户从网站下载并打开特制文件,成功利用此漏洞可以绕过用于阻止不受信任或恶意文件的Office宏策略。
Windows Graphics Component存在权限提升漏洞,经过身份验证的恶意攻击者利用此漏洞可获取SYSTEM权限。
Microsoft Word存在远程代码执行漏洞,未经身份验证的恶意攻击者通过发送带有富文本格式 (RTF) 负载的电子邮件并诱导用户打开,成功利用此漏洞可在目标系统上以受害者用户权限执行任意代码。
CVE编号 | 受影响产品 |
CVE-2023-21706 CVE-2023-21707 CVE-2023-21529 | Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2016 Cumulative Update 23 |
CVE-2023-23376 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-21715 | Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft 365 Apps for Enterprise for 64-bit Systems |
CVE-2023-21716 | Windows Server 2012 R2 (Server Core installation) Microsoft Word 2013 Service Pack 1 (64-bit editions) Microsoft Word 2013 RT Service Pack 1 Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Office Web Apps Server 2013 Service Pack 1 Microsoft Word 2016 (32-bit edition) Microsoft Word 2016 (64-bit edition) Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft Office 2019 for Mac Microsoft Office Online Server SharePoint Server Subscription Edition Language Pack Microsoft 365 Apps for Enterprise for 32-bit Systems Microsoft Office LTSC 2021 for 64-bit editions Microsoft SharePoint Server Subscription Edition Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC for Mac 2021 |
CVE-2023-21823 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Microsoft Office for iOS Microsoft Office for Universal Microsoft Office for Android |
目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
产品与解决方案
售前咨询
售后咨询
人工在线咨询
