• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 关于我们

微软10月补丁日安全通告

【发布时间:2023-10-18】

新华三盾山实验室

2023/10/11

1. 漏洞综述

1.1 漏洞背景

2023年10月,新华三盾山实验室监测发现Microsoft官方发布了10月安全更新,共发布104个漏洞的补丁信息,主要修复了修复了Windows Server 2022、Microsoft Office、.NET 7.0 等产品中的漏洞。在此次更新的补丁中,有12个漏洞被微软标记为严重漏洞,且部分漏洞存在在野利用,由于影响较大,新华三盾山实验室建议广大用户及时做好资产自查以及预防工作,以免遭受黑客攻击。

1.2 重点漏洞

CVE-2023-36778 Microsoft Exchange Server 代码执行漏洞

Microsoft Exchange Server存在代码执行漏洞,由于cmdlet 参数验证不当所,经过身份验证的恶意攻击者向服务器发送特制数据包,并通过PowerShell 远程会话执行任意代码。

严重等级:高危 评分:8.0

CVE-2023-35349 Microsoft Message Queuing 代码执行漏洞

Microsoft Message Queuing存在代码执行漏洞,由于对用户提供的输入验证不足,恶意攻击者通过将特制的输入传递给应用程序,成功利用此漏洞可在目标系统上执行任意代码,获取目标系统的控制权限。

严重等级:严重 评分:9.8

CVE-2023-36780 Skype for Business 代码执行漏洞

Skype for Business存在 代码执行漏洞该漏洞,由于Skype for Business 中用户提供的输入验证不足,恶意攻击者可以将特制的输入传递给应用程序,成功利用此漏洞可在目标系统上执行任意代码。

严重等级:高危 评分:7.2

CVE-2023-41763 Skype for Business 权限提升漏洞

Skype for Business 存在权限提升漏洞,由于应用程序输出过多的数据,恶意攻击者成功利用此漏洞可访问敏感信息。

严重等级:中危 评分:6.5

CVE-2023-36563 Microsoft WordPad 信息泄露漏洞

Microsoft WordPad存在信息泄露漏洞,由于写字板中NTLM 哈希值的泄露,恶意攻击者通过诱骗受害者打开特制文件,成功利用此漏洞可获取敏感信息的访问权限。

严重等级:中危 评分:6.5

CVE-2023-36776 Win32k权限提升漏洞

Win32k 存在权限提升漏洞,由于 Win32k 中的竞争条件造成的,恶意攻击者可以利用竞争并获得对敏感信息的未经授权的访问并升级系统权限。

严重等级:高危 评分:7.0

2. 影响范围

CVE编号

受影响产品

CVE-2023-35349

CVE-2023-36697

CVE-2023-41770

CVE-2023-41765

CVE-2023-36722

CVE-2023-41766

CVE-2023-36594

CVE-2023-36776

CVE-2023-36563

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2023-36718

Windows 10 Version 21H2 for x64-based Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 for x64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

CVE-2023-36780

CVE-2023-41763

Skype for Business Server 2015 CU13

Skype for Business Server 2019 CU7

CVE-2023-36778

Microsoft Exchange Server 2019 Cumulative Update 12

Microsoft Exchange Server 2019 Cumulative Update 13

Microsoft Exchange Server 2016 Cumulative Update 23

CVE-2023-38159

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

3. 处置方法

3.1官方补丁

目前,微软官方已经发布针对此漏洞的补丁程序,建议用户通过以下链接尽快安装补丁程序:

https://msrc.microsoft.com/update-guide/releaseNote/2023-oct

4. 参考链接

https://msrc.microsoft.com/update-guide/releaseNote/2023-oct

新华三官网
联系我们