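Dear 棉花云 user,
The Internet Security Operations Center has observed that Microsoft released its routine security update bulletin for February 2023, covering 75 vulnerabilities, 9 of them critical. The release includes security updates for Microsoft Protected Extensible Authentication Protocol (PEAP), Windows iSCSI Discovery Service, Microsoft Office and Office Components, Microsoft SQL Server, Microsoft Graphics Component, .NET Core, .NET Framework, Visual Studio, and other products and related components.
To keep your business from being affected, 棉花云 Security recommends that you promptly carry out a security self-check. If you are within the affected scope, please update and remediate promptly to avoid intrusion by external attackers.
Vulnerability Details
In this bulletin, Microsoft users should pay particular attention to the following vulnerabilities:
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-21692, CVE-2023-21690, CVE-2023-21689):
These vulnerabilities have a CVSSv3 score of 9.8. CVE-2023-21690 and CVE-2023-21692 are exploited by sending specially crafted malicious PEAP packets, while CVE-2023-21689 allows arbitrary code execution on the server through a network call. They are officially marked as more likely to be exploited.
Windows iSCSI Discovery Service Remote Code Execution Vulnerability (CVE-2023-21803):
This vulnerability has a CVSSv3 score of 9.8. It is exploited by sending a malicious DHCP discovery request to a Windows host running the iSCSI Discovery Service; successful exploitation allows an attacker to execute code remotely. It affects only 32-bit versions of Windows and can be exploited only while the iSCSI Initiator client application is running. By default, the iSCSI Initiator client application is not enabled.
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2023-21529, CVE-2023-21706, CVE-2023-21707):
These vulnerabilities have a CVSSv3 score of 8.8. They allow any user with access to the Exchange PowerShell backend to execute arbitrary code and thereby take over the Exchange server. They are officially marked as very likely to be exploited.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2023-23376):
This vulnerability has a CVSSv3 score of 7.8. A low-privileged attacker can exploit it to obtain SYSTEM privileges on the target system. It is currently officially marked as exploited in the wild.
Risk Level
High risk
Vulnerability Risk
An attacker who exploits these vulnerabilities can cause remote code execution and other harm.
Affected Versions
CVE-2023-21692, CVE-2023-21690, CVE-2023-21689: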
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-21803:
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-21529, CVE-2023-21706, CVE-2023-21707:
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2019 Cumulative Update 12
CVE-2023-23376:
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
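Fixed Versions
Microsoft's latest patches for February 2023
Remediation
Official patches and fixed versions have been released. Assess whether your business is affected, then upgrade to a fixed version as appropriate.
[Note]: Back up your data before upgrading to avoid accidents.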
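A self-check for the CVE-2023-21803 conditions described above (32-bit Windows with the iSCSI Initiator running), as an added example that is not part of the original advisory or of Microsoft's guidance. It assumes the iSCSI Initiator client corresponds to the Windows service named MSiSCSI; the function name Test-IscsiExposure is hypothetical.

```powershell
# Added example: report whether a host meets the CVE-2023-21803 conditions
# stated in this advisory (32-bit Windows AND iSCSI Initiator running).
# Assumption: the iSCSI Initiator client maps to the service named MSiSCSI.
# Test-IscsiExposure is a hypothetical helper name, not a Microsoft cmdlet.
function Test-IscsiExposure {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        # Query the local host directly so WinRM is not required for it.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        try {
            $os  = Get-CimInstance -ClassName Win32_OperatingSystem @target -ErrorAction Stop
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='MSiSCSI'" @target -ErrorAction Stop
        } catch {
            [pscustomobject]@{
                ComputerName = $computer; Is32Bit = $null; ServiceState = $null
                StartMode = $null; Verdict = "Query failed: $($_.Exception.Message)"
            }
            continue
        }
        # OSArchitecture is a localized string, so match on the number only.
        $is32Bit = $os.OSArchitecture -match '32'
        $running = $svc -and ($svc.State -eq 'Running')
        $enabled = $svc -and ($svc.StartMode -ne 'Disabled')
        if (-not $is32Bit) {
            $verdict = 'Not affected by CVE-2023-21803: OS is not 32-bit'
        } elseif ($running) {
            $verdict = 'Exposed until patched: 32-bit OS, MSiSCSI running'
        } elseif ($enabled) {
            $verdict = 'Latent: 32-bit OS, MSiSCSI stopped but able to start'
        } else {
            $verdict = 'Not exposed: 32-bit OS, MSiSCSI disabled or absent'
        }
        [pscustomobject]@{
            ComputerName = $computer
            Is32Bit      = $is32Bit
            ServiceState = if ($svc) { $svc.State } else { 'NotInstalled' }
            StartMode    = if ($svc) { $svc.StartMode } else { $null }
            Verdict      = $verdict
        }
    }
}

Test-IscsiExposure | Format-List
```

A "Not affected" verdict covers CVE-2023-21803 only; the other vulnerabilities in this advisory also list 64-bit and ARM64 systems and still require the February 2023 patches.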
References
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21692
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21690
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21689
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21803
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21529
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21706
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21707
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376