CNNVD关于微软多个安全漏洞的通报(更新版)
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞118个,影响到微软产品的其他厂商漏洞2个。包括Microsoft Windows Network File System代码注入漏洞(CNNVD-202204-3112、CVE-2022-24491)、Microsoft Windows RemoteProcedure Call Runtime 代码注入漏洞(CNNVD-202204-3019、CVE-2022-26809)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2022年4月19日,微软发布了2022年4月份安全更新,共120个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Lightweight DirectoryAccess、Microsoft DNS、MicrosoftDynamics 365和Microsoft Dynamics、Microsoft Windows Local Security Authority Subsystem Service、Microsoft Windows File等。CNNVD对其危害等级进行了评价,其中超危漏洞2个,高危漏洞88个,中危漏洞30个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问
https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括116个漏洞的补丁程序,其中超危漏洞2个,高危漏洞87个,中危漏洞27个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Windows Network File System代码注入漏洞 | CNNVD-202204-3112 | CVE-2022-24491 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491 |
2 | Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 | CNNVD-202204-3019 | CVE-2022-26809 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809 |
3 | Microsoft Windows SMB Server 安全漏洞 | CNNVD-202204-3175 | CVE-2022-21983 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21983 |
4 | Microsoft Hyper-V安全漏洞 | CNNVD-202204-3171 | CVE-2022-22008 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22008 |
5 | Microsoft Hyper-V安全漏洞 | CNNVD-202204-3172 | CVE-2022-22009 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22009 |
6 | Microsoft Hyper-V安全漏洞 | CNNVD-202204-3177 | CVE-2022-23257 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23257 |
7 | Microsoft Dynamics 365和Microsoft Dynamics 输入验证错误漏洞 | CNNVD-202204-3184 | CVE-2022-23259 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23259 |
8 | Microsoft Office Sharepoint Server安全漏洞 | CNNVD-202204-3194 | CVE-2022-24472 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472 |
9 | Microsoft Excel 代码注入漏洞 | CNNVD-202204-3104 | CVE-2022-24473 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24473 |
10 | Microsoft Win32K 权限许可和访问控制问题漏洞 | CNNVD-202204-3107 | CVE-2022-24474 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24474 |
11 | Microsoft Windows Feedback Hub 权限许可和访问控制问题漏洞 | CNNVD-202204-3198 | CVE-2022-24479 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24479 |
12 | Microsoft Windows Common Log File System Driver权限许可和访问控制问题漏洞 | CNNVD-202204-3200 | CVE-2022-24481 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24481 |
13 | Microsoft Windows SMB Server 代码注入漏洞 | CNNVD-202204-3109 | CVE-2022-24485 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24485 |
14 | Microsoft Kerberos for Windows权限许可和访问控制问题漏洞 | CNNVD-202204-3201 | CVE-2022-24486 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24486 |
15 | Microsoft Windows Local Security Authority Subsystem Service输入验证错误漏洞 | CNNVD-202204-3196 | CVE-2022-24487 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24487 |
16 | Microsoft Windows App Store 权限许可和访问控制问题漏洞 | CNNVD-202204-3192 | CVE-2022-24488 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24488 |
17 | Microsoft Windows Cluster Shared Volume 权限许可和访问控制问题漏洞 | CNNVD-202204-3189 | CVE-2022-24489 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24489 |
18 | Microsoft Hyper-V 信息泄露漏洞 | CNNVD-202204-3119 | CVE-2022-24490 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24490 |
19 | Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 | CNNVD-202204-3113 | CVE-2022-24492 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24492 |
20 | Microsoft Windows Ancillary Function Driver for WinSock权限许可和访问控制问题漏洞 | CNNVD-202204-3128 | CVE-2022-24494 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24494 |
21 | Microsoft Windows Media Foundation 输入验证错误漏洞 | CNNVD-202204-3123 | CVE-2022-24495 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24495 |
22 | Microsoft Windows Local Security Authority Subsystem Service 权限许可和访问控制问题漏洞 | CNNVD-202204-3136 | CVE-2022-24496 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24496 |
23 | Microsoft Windows Installer 权限许可和访问控制问题漏洞 | CNNVD-202204-3117 | CVE-2022-24499 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24499 |
24 | Microsoft Windows SMB Server输入验证错误漏洞 | CNNVD-202204-3116 | CVE-2022-24500 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24500 |
25 | Microsoft Visual Studio 安全漏洞 | CNNVD-202204-3059 | CVE-2022-24513 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24513 |
26 | Microsoft Windows Common Log File System Driver安全漏洞 | CNNVD-202204-3115 | CVE-2022-24521 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521 |
27 | Microsoft Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3114 | CVE-2022-24527 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24527 |
28 | Microsoft Windows Remote Procedure Call Runtime 代码注入漏洞 | CNNVD-202204-3110 | CVE-2022-24528 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24528 |
29 | Microsoft Windows Installer 权限许可和访问控制问题漏洞 | CNNVD-202204-3105 | CVE-2022-24530 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24530 |
30 | Microsoft Windows Codecs Library 输入验证错误漏洞 | CNNVD-202204-3186 | CVE-2022-24532 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24532 |
31 | Microsoft Windows代码注入漏洞 | CNNVD-202204-3100 | CVE-2022-24533 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24533 |
32 | Microsoft Windows SMB Server 安全漏洞 | CNNVD-202204-3099 | CVE-2022-24534 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24534 |
33 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3098 | CVE-2022-24536 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24536 |
34 | Microsoft Hyper-V 安全漏洞 | CNNVD-202204-3097 | CVE-2022-24537 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24537 |
35 | Microsoft Hyper-V信息泄露漏洞 | CNNVD-202204-3095 | CVE-2022-24539 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24539 |
36 | Microsoft Windows ALPC竞争条件问题漏洞 | CNNVD-202204-3088 | CVE-2022-24540 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24540 |
37 | Microsoft Windows SMB Server 输入验证错误漏洞 | CNNVD-202204-3087 | CVE-2022-24541 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24541 |
38 | Microsoft Win32k 权限许可和访问控制问题漏洞 | CNNVD-202204-3086 | CVE-2022-24542 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24542 |
39 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-3126 | CVE-2022-24543 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24543 |
40 | Microsoft Kerberos for Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3085 | CVE-2022-24544 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24544 |
41 | Microsoft Kerberos for Windows 输入验证错误漏洞 | CNNVD-202204-3084 | CVE-2022-24545 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24545 |
42 | Microsoft DWM Core Library 权限许可和访问控制问题漏洞 | CNNVD-202204-3083 | CVE-2022-24546 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24546 |
43 | Microsoft Windows Media Foundation权限许可和访问控制问题漏洞 | CNNVD-202204-3073 | CVE-2022-24547 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24547 |
44 | Microsoft Windows AppX Deployment Extensions权限许可和访问控制问题漏洞 | CNNVD-202204-3072 | CVE-2022-24549 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24549 |
45 | Microsoft Windows 权限许可和访问控制问题漏洞 | CNNVD-202204-3071 | CVE-2022-24550 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24550 |
46 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3053 | CVE-2022-26786 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26786 |
47 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3067 | CVE-2022-26787 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26787 |
48 | Microsoft PowerShell Utility权限许可和访问控制问题漏洞 | CNNVD-202204-3062 | CVE-2022-26788 | 高危 | https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26788 |
49 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3054 | CVE-2022-26789 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26789 |
50 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3050 | CVE-2022-26790 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26790 |
51 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3052 | CVE-2022-26791 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26791 |
52 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3045 | CVE-2022-26792 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26792 |
53 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3044 | CVE-2022-26793 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26793 |
54 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3043 | CVE-2022-26794 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26794 |
55 | Microsoft Windows Print Spooler Components 权限许可和访问控制问题漏洞 | CNNVD-202204-3042 | CVE-2022-26795 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26795 |
56 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3041 | CVE-2022-26796 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26796 |
57 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3033 | CVE-2022-26797 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26797 |
58 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3032 | CVE-2022-26798 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26798 |
59 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3031 | CVE-2022-26801 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26801 |
60 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3030 | CVE-2022-26802 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26802 |
61 | Microsoft Windows Print Spooler Components权限许可和访问控制问题漏洞 | CNNVD-202204-3029 | CVE-2022-26803 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26803 |
62 | Microsoft Windows Work Folder Service竞争条件问题漏洞 | CNNVD-202204-3021 | CVE-2022-26807 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26807 |
63 | Microsoft Windows File Explorer 权限许可和访问控制问题漏洞 | CNNVD-202204-3020 | CVE-2022-26808 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26808 |
64 | Microsoft Windows File Server 权限许可和访问控制问题漏洞 | CNNVD-202204-3018 | CVE-2022-26810 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26810 |
65 | Microsoft DNS Server代码注入漏洞 | CNNVD-202204-3017 | CVE-2022-26811 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26811 |
66 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3015 | CVE-2022-26812 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26812 |
67 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3006 | CVE-2022-26813 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26813 |
68 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-3004 | CVE-2022-26815 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26815 |
69 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2989 | CVE-2022-26823 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26823 |
70 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2986 | CVE-2022-26824 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26824 |
71 | Microsoft DNS Server代码注入漏洞 | CNNVD-202204-2971 | CVE-2022-26825 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26825 |
72 | Microsoft DNS Server 代码注入漏洞 | CNNVD-202204-2972 | CVE-2022-26826 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26826 |
73 | Microsoft Windows File Server竞争条件问题漏洞 | CNNVD-202204-2970 | CVE-2022-26827 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26827 |
74 | Microsoft Bluetooth Driver竞争条件问题漏洞 | CNNVD-202204-2969 | CVE-2022-26828 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26828 |
75 | Microsoft Windows SMB Server 输入验证错误漏洞 | CNNVD-202204-3055 | CVE-2022-26830 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26830 |
76 | Microsoft Lightweight Directory Access Protocol输入验证错误漏洞 | CNNVD-202204-2965 | CVE-2022-26831 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26831 |
77 | Microsoft .NET Framework输入验证错误漏洞 | CNNVD-202204-3008 | CVE-2022-26832 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26832 |
78 | Microsoft Azure Site Recovery 输入验证错误漏洞 | CNNVD-202204-3220 | CVE-2022-26898 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26898 |
79 | Microsoft Excel 代码注入漏洞 | CNNVD-202204-3106 | CVE-2022-26901 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26901 |
80 | Microsoft Graphics Components输入验证错误漏洞 | CNNVD-202204-3066 | CVE-2022-26903 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26903 |
81 | Microsoft Windows 竞争条件问题漏洞 | CNNVD-202204-2936 | CVE-2022-26904 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904 |
82 | Microsoft Win32k 权限许可和访问控制问题漏洞 | CNNVD-202204-2956 | CVE-2022-26914 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26914 |
83 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-2953 | CVE-2022-26915 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26915 |
84 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-2948 | CVE-2022-26916 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26916 |
85 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-2949 | CVE-2022-26917 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26917 |
86 | Microsoft Windows 输入验证错误漏洞 | CNNVD-202204-2950 | CVE-2022-26918 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26918 |
87 | Microsoft Lightweight Directory Access Protocol输入验证错误漏洞 | CNNVD-202204-2946 | CVE-2022-26919 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26919 |
88 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202204-3290 | CVE-2022-26921 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26921 |
89 | Microsoft YARP reverse proxy 安全漏洞 | CNNVD-202204-3292 | CVE-2022-26924 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26924 |
90 | Microsoft Hyper-V安全漏洞 | CNNVD-202204-3197 | CVE-2022-23268 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23268 |
91 | Microsoft Power BI 安全漏洞 | CNNVD-202204-3199 | CVE-2022-23292 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23292 |
92 | Microsoft Windows Kernel信息泄露漏洞 | CNNVD-202204-3188 | CVE-2022-24483 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24483 |
93 | Microsoft Windows Cluster Shared Volume 输入验证错误漏洞 | CNNVD-202204-3108 | CVE-2022-24484 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24484 |
94 | Microsoft Local Security Authority Server 信息泄露漏洞 | CNNVD-202204-3130 | CVE-2022-24493 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24493 |
95 | Microsoft Windows 信息泄露漏洞 | CNNVD-202204-3121 | CVE-2022-24498 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24498 |
96 | Microsoft Windows Cluster Shared Volume 输入验证错误漏洞 | CNNVD-202204-3096 | CVE-2022-24538 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24538 |
97 | Microsoft Defender 输入验证错误漏洞 | CNNVD-202204-3203 | CVE-2022-24548 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24548 |
98 | Git for Windows 代码问题漏洞 | CNNVD-202204-3058 | CVE-2022-24767 | 中危 | https://github.com/git-for-windows/git/security/advisories/GHSA-gf48-x3vr-j5c3 |
99 | Microsoft Hyper-V信息泄露漏洞 | CNNVD-202204-3070 | CVE-2022-26783 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26783 |
100 | Microsoft Windows Cluster Shared Volume 输入验证错误漏洞 | CNNVD-202204-3069 | CVE-2022-26784 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26784 |
101 | Microsoft Hyper-V信息泄露漏洞 | CNNVD-202204-3068 | CVE-2022-26785 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26785 |
102 | Microsoft Windows Active Directory 竞争条件问题漏洞 | CNNVD-202204-3005 | CVE-2022-26814 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26814 |
103 | Microsoft DNS Server 信息泄露漏洞 | CNNVD-202204-3007 | CVE-2022-26816 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26816 |
104 | Microsoft Windows Active Directory 竞争条件问题漏洞 | CNNVD-202204-3002 | CVE-2022-26817 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26817 |
105 | Microsoft DNS Server代码注入漏洞 | CNNVD-202204-3003 | CVE-2022-26818 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26818 |
106 | Microsoft DNS Server 竞争条件问题漏洞 | CNNVD-202204-2992 | CVE-2022-26819 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26819 |
107 | Microsoft DNS Server 竞争条件问题漏洞 | CNNVD-202204-2991 | CVE-2022-26820 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26820 |
108 | Microsoft DNS Server 竞争条件问题漏洞 | CNNVD-202204-2990 | CVE-2022-26821 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26821 |
109 | Microsoft DNS Server 竞争条件问题漏洞 | CNNVD-202204-2988 | CVE-2022-26822 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26822 |
110 | Microsoft DNS Server 竞争条件问题漏洞 | CNNVD-202204-2968 | CVE-2022-26829 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26829 |
111 | Microsoft Azure Site Recovery 信息泄露漏洞 | CNNVD-202204-3222 | CVE-2022-26896 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26896 |
112 | Microsoft Azure Site Recovery 信息泄露漏洞 | CNNVD-202204-3218 | CVE-2022-26897 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26897 |
113 | Microsoft Azure SDK 信息泄露漏洞 | CNNVD-202204-3252 | CVE-2022-26907 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26907 |
114 | Microsoft Skype for Business Server 安全漏洞 | CNNVD-202204-3074 | CVE-2022-26910 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26910 |
115 | Microsoft Skype for Business Server 信息泄露漏洞 | CNNVD-202204-3195 | CVE-2022-26911 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26911 |
116 | Microsoft Graphics Components信息泄露漏洞 | CNNVD-202204-2976 | CVE-2022-26920 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26920 |
此次更新共包括2个漏洞的补丁程序,其中高危漏洞1个,中危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Visual Studio 权限许可和访问控制问题漏洞 | CNNVD-202112-1181 | CVE-2021-43877 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43877 |
2 | Microsoft Windows 安全特征问题特征问题漏洞 | CNNVD-202110-805 | CVE-2021-41337 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41337 |
此次更新共包括2个影响微软产品的其他厂商漏洞的补丁程序,其中中危漏洞2个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 厂商 | 官方链接 |
1 | Google brotli Library 缓冲区错误漏洞 | CNNVD-202009-910 | CVE-2020-8927 | 中危 | https://github.com/google/brotli/releases/tag/v1.0 | |
2 | Git for Windows 代码问题漏洞 | CNNVD-202204-2943 | CVE-2022-24765 | 中危 | 个人开发者 | https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。联系方式: cnnvdvul@itsec.gov.cn