您所在的位置: 首頁(yè) >
安全研究 >
安全通告 >
CNNVD關(guān)于微軟多個(gè)安全漏洞的預(yù)警
一、漏洞介紹
近日,微軟官方發(fā)布了多個(gè)安全漏洞的公告,包括Windows Defender安全漏洞(CNNVD-202106-545、CVE-2021-31985)、Microsoft OfficeExcel安全漏洞(CNNVD-202106-503、CVE-2021-31939)等多個(gè)漏洞。成功利用上述漏洞的攻擊者可以在目標(biāo)系統(tǒng)上執(zhí)行任意代碼、獲取用戶數(shù)據(jù),提升權(quán)限等。微軟多個(gè)產(chǎn)品和系統(tǒng)受漏洞影響。目前,微軟官方已經(jīng)發(fā)布漏洞修復(fù)補(bǔ)丁,建議用戶及時(shí)確認(rèn)是否受到漏洞影響,盡快采取修補(bǔ)措施。
2021年6月9日,微軟發(fā)布了2021年6月份安全更新,共49個(gè)漏洞的補(bǔ)丁程序,CNNVD對(duì)這些漏洞進(jìn)行了收錄。本次更新主要涵蓋了Windows操作系統(tǒng)、Net Core、Office、Edge、SharePointServer、Hyper-V、 Visual Studio等。CNNVD對(duì)其危害等級(jí)進(jìn)行了評(píng)價(jià),其中高危漏洞有15個(gè),中危漏洞34個(gè)。微軟多個(gè)產(chǎn)品和系統(tǒng)版本受漏洞影響,具體影響范圍可訪問(wèn)https://portal.msrc.microsoft.com/zh-cn/security-guidance查詢。
二、漏洞詳情
此次更新共包括49個(gè)漏洞的補(bǔ)丁程序,其中高危漏洞有15個(gè),中危漏洞34個(gè)。
序號(hào) | 漏洞名稱 | CNNVD編號(hào) | CVE編號(hào) | 危害等級(jí) | 官方鏈接 |
1 | Microsoft Office Excel 安全漏洞 | CNNVD-202106-503 | CVE-2021-31939 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939 |
2 | Microsoft Office 安全漏洞 | CNNVD-202106-504 | CVE-2021-31940 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31940 |
3 | Microsoft Office 安全漏洞 | CNNVD-202106-500 | CVE-2021-31941 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31941 |
4 | 3D Viewer 安全漏洞 | CNNVD-202106-518 | CVE-2021-31942 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31942 |
5 | 3D Viewer 安全漏洞 | CNNVD-202106-517 | CVE-2021-31943 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31943 |
6 | Paint 3D 安全漏洞 | CNNVD-202106-522 | CVE-2021-31945 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31945 |
7 | Paint 3D 安全漏洞 | CNNVD-202106-525 | CVE-2021-31946 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31946 |
8 | Windows NTFS安全漏洞 | CNNVD-202106-515 | CVE-2021-31956 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31956 |
9 | Windows Kerberos 安全漏洞 | CNNVD-202106-534 | CVE-2021-31962 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31962 |
10 | Microsoft Windows Codecs Library 安全漏洞 | CNNVD-202106-537 | CVE-2021-31967 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31967 |
11 | Microsoft Intune 安全漏洞 | CNNVD-202106-535 | CVE-2021-31980 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31980 |
12 | Paint 3D 安全漏洞 | CNNVD-202106-524 | CVE-2021-31983 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31983 |
13 | Windows Defender 安全漏洞 | CNNVD-202106-545 | CVE-2021-31985 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31985 |
14 | Microsoft DWM Core Library 安全漏洞 | CNNVD-202106-498 | CVE-2021-33739 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33739 |
15 | Windows MSHTML Platform安全漏洞 | CNNVD-202106-497 | CVE-2021-33742 | 高危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33742 |
16 | Windows Print Spooler Components 安全漏洞 | CNNVD-202106-513 | CVE-2021-1675 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675 |
17 | Windows DCOM Server 安全漏洞 | CNNVD-202106-546 | CVE-2021-26414 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26414 |
18 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-491 | CVE-2021-26420 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420 |
19 | Windows Cryptographic Services 安全漏洞 | CNNVD-202106-540 | CVE-2021-31199 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31199 |
20 | Windows Cryptographic Services 安全漏洞 | CNNVD-202106-541 | CVE-2021-31201 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31201 |
21 | Visual Studio Code 安全漏洞 | CNNVD-202106-538 | CVE-2021-31938 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31938 |
22 | 3D Viewer 安全漏洞 | CNNVD-202106-521 | CVE-2021-31944 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31944 |
23 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-490 | CVE-2021-31948 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948 |
24 | Microsoft Office Outlook 安全漏洞 | CNNVD-202106-499 | CVE-2021-31949 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31949 |
25 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-492 | CVE-2021-31950 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950 |
26 | Windows Kernel 安全漏洞 | CNNVD-202106-543 | CVE-2021-31951 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31951 |
27 | Windows Kernel-Mode Drivers安全漏洞 | CNNVD-202106-514 | CVE-2021-31952 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31952 |
28 | Microsoft Windows和Vulnerability 權(quán)限許可和訪問(wèn)控制問(wèn)題漏洞 | CNNVD-202106-509 | CVE-2021-31953 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31953 |
29 | Windows Common Log File System Driver 安全漏洞 | CNNVD-202106-508 | CVE-2021-31954 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954 |
30 | Windows Kernel 安全漏洞 | CNNVD-202106-516 | CVE-2021-31955 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31955 |
31 | Visual Studio安全漏洞 | CNNVD-202106-495 | CVE-2021-31957 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957 |
32 | Windows NTLM安全漏洞 | CNNVD-202106-512 | CVE-2021-31958 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958 |
33 | Microsoft Scripting Engine 安全漏洞 | CNNVD-202106-505 | CVE-2021-31959 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31959 |
34 | Windows Bind Filter Driver 安全漏洞 | CNNVD-202106-536 | CVE-2021-31960 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31960 |
35 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-496 | CVE-2021-31963 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963 |
36 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-487 | CVE-2021-31964 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964 |
37 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-488 | CVE-2021-31965 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965 |
38 | Microsoft Office SharePoint安全漏洞 | CNNVD-202106-489 | CVE-2021-31966 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966 |
39 | Windows Remote Desktop 安全漏洞 | CNNVD-202106-531 | CVE-2021-31968 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31968 |
40 | Windows Drivers 安全漏洞 | CNNVD-202106-527 | CVE-2021-31969 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969 |
41 | Windows TCP/IP 安全漏洞 | CNNVD-202106-520 | CVE-2021-31970 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31970 |
42 | Windows HTML Platform 安全漏洞 | CNNVD-202106-519 | CVE-2021-31971 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31971 |
43 | Windows Event Logging Service 安全漏洞 | CNNVD-202106-511 | CVE-2021-31972 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31972 |
44 | Windows Installer 安全漏洞 | CNNVD-202106-510 | CVE-2021-31973 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31973 |
45 | Windows Network File System 安全漏洞 | CNNVD-202106-506 | CVE-2021-31974 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31974 |
46 | Windows Network File System 安全漏洞 | CNNVD-202106-507 | CVE-2021-31975 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31975 |
47 | Windows Network File System 安全漏洞 | CNNVD-202106-502 | CVE-2021-31976 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31976 |
48 | Hyper-V 安全漏洞 | CNNVD-202106-501 | CVE-2021-31977 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31977 |
49 | Windows Defender 安全漏洞 | CNNVD-202106-544 | CVE-2021-31978 | 中危 | 目前廠商已發(fā)布升級(jí)補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31978 |
三、修復(fù)建議
目前,微軟官方已經(jīng)發(fā)布補(bǔ)丁修復(fù)了上述漏洞,建議用戶及時(shí)確認(rèn)漏洞影響,盡快采取修補(bǔ)措施。微軟官方補(bǔ)丁下載地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD將繼續(xù)跟蹤上述漏洞的相關(guān)情況,及時(shí)發(fā)布相關(guān)信息。如有需要,可與CNNVD聯(lián)系。聯(lián)系方式:cnnvd@itsec.gov.cn
來(lái)源:CNNVD安全動(dòng)態(tài)