漏洞 2022-12-16
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞56个,影响到微软产品的其他厂商漏洞0个。包括Microsoft Graphics Component 安全漏洞(CNNVD-202212-3145、CVE-2022-26804)、Microsoft Graphics Component 安全漏洞(CNNVD-202212-3123、CVE-2022-26805)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2022年12月13日,微软发布了2022年12月份安全更新,共56个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Fax Compose Form、Microsoft Windows Hyper-V、Microsoft Windows Print Spooler Components、Microsoft Windows DirectX、Microsoft Windows Error Reporting等。CNNVD对其危害等级进行了评价,其中高危漏洞45个,中危漏洞10个,低危漏洞1个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问
https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、漏洞详情
此次更新共包括48个新增漏洞的补丁程序,其中高危漏洞40个,中危漏洞8个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3145 | CVE-2022-26804 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26804 |
2 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3123 | CVE-2022-26805 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26805 |
3 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3122 | CVE-2022-26806 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26806 |
4 | Microsoft Windows PowerShell 安全漏洞 | CNNVD-202212-3016 | CVE-2022-41076 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41076 |
5 | Microsoft Windows Fax Compose Form 安全漏洞 | CNNVD-202212-3014 | CVE-2022-41077 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41077 |
6 | Microsoft .NET Framework 安全漏洞 | CNNVD-202212-2976 | CVE-2022-41089 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089 |
7 | Microsoft Windows Hyper-V 安全漏洞 | CNNVD-202212-3013 | CVE-2022-41094 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41094 |
8 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3012 | CVE-2022-41121 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41121 |
9 | Microsoft Dynamics 安全漏洞 | CNNVD-202212-3159 | CVE-2022-41127 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127 |
10 | Microsoft Windows Contacts 安全漏洞 | CNNVD-202212-3011 | CVE-2022-44666 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44666 |
11 | Microsoft Windows Codecs Library 安全漏洞 | CNNVD-202212-3009 | CVE-2022-44667 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44667 |
12 | Microsoft Windows Codecs Library 安全漏洞 | CNNVD-202212-3010 | CVE-2022-44668 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44668 |
13 | Microsoft Windows Error Reporting 安全漏洞 | CNNVD-202212-3007 | CVE-2022-44669 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44669 |
14 | Microsoft Windows Secure Socket Tunneling Protocol 安全漏洞 | CNNVD-202212-3006 | CVE-2022-44670 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44670 |
15 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3004 | CVE-2022-44671 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44671 |
16 | Microsoft Client Server Run-time Subsystem (CSRSS) 安全漏洞 | CNNVD-202212-3003 | CVE-2022-44673 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44673 |
17 | Microsoft Bluetooth Driver 安全漏洞 | CNNVD-202212-3001 | CVE-2022-44675 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44675 |
18 | Microsoft Windows Secure Socket Tunneling Protocol 安全漏洞 | CNNVD-202212-2999 | CVE-2022-44676 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44676 |
19 | Microsoft Projected File System 安全漏洞 | CNNVD-202212-2996 | CVE-2022-44677 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44677 |
20 | Microsoft Windows Print Spooler Components 安全漏洞 | CNNVD-202212-2992 | CVE-2022-44678 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44678 |
21 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-2991 | CVE-2022-44680 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44680 |
22 | Microsoft Windows Print Spooler Components 安全漏洞 | CNNVD-202212-2993 | CVE-2022-44681 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44681 |
23 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202212-2981 | CVE-2022-44683 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44683 |
24 | Microsoft Windows Codecs Library 安全漏洞 | CNNVD-202212-3152 | CVE-2022-44687 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44687 |
25 | Microsoft Windows Subsystem for Linux 安全漏洞 | CNNVD-202212-2980 | CVE-2022-44689 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44689 |
26 | Microsoft SharePoint 安全漏洞 | CNNVD-202212-3018 | CVE-2022-44690 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44690 |
27 | Microsoft Office 安全漏洞 | CNNVD-202212-3121 | CVE-2022-44691 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44691 |
28 | Microsoft Office 安全漏洞 | CNNVD-202212-3098 | CVE-2022-44692 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44692 |
29 | Microsoft SharePoint 安全漏洞 | CNNVD-202212-3017 | CVE-2022-44693 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44693 |
30 | Microsoft Office Visio 安全漏洞 | CNNVD-202212-3084 | CVE-2022-44694 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44694 |
31 | Microsoft Office Visio 安全漏洞 | CNNVD-202212-3070 | CVE-2022-44695 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44695 |
32 | Microsoft Office Visio 安全漏洞 | CNNVD-202212-3057 | CVE-2022-44696 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44696 |
33 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-2979 | CVE-2022-44697 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44697 |
34 | Microsoft Windows Terminal 安全漏洞 | CNNVD-202212-3149 | CVE-2022-44702 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44702 |
35 | Microsoft SysInternals 安全漏洞 | CNNVD-202212-3148 | CVE-2022-44704 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44704 |
36 | Microsoft Windows DirectX 安全漏洞 | CNNVD-202212-2978 | CVE-2022-44710 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44710 |
37 | Microsoft Outlook 安全漏洞 | CNNVD-202212-3053 | CVE-2022-44713 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44713 |
38 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3050 | CVE-2022-47211 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47211 |
39 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3046 | CVE-2022-47212 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47212 |
40 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3044 | CVE-2022-47213 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-47213 |
41 | Microsoft Outlook 安全漏洞 | CNNVD-202212-3157 | CVE-2022-24480 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24480 |
42 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-3015 | CVE-2022-41074 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41074 |
43 | Microsoft Bluetooth Driver 安全漏洞 | CNNVD-202212-3002 | CVE-2022-44674 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44674 |
44 | Microsoft Graphics Component 安全漏洞 | CNNVD-202212-2997 | CVE-2022-44679 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44679 |
45 | Microsoft Windows Hyper-V 安全漏洞 | CNNVD-202212-2983 | CVE-2022-44682 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44682 |
46 | Microsoft Windows SmartScreen 安全漏洞 | CNNVD-202212-2977 | CVE-2022-44698 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44698 |
47 | Microsoft Azure 安全漏洞 | CNNVD-202212-3150 | CVE-2022-44699 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44699 |
48 | Microsoft Windows Kernel 安全漏洞 | CNNVD-202212-2975 | CVE-2022-44707 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44707 |
此次更新共包括8个更新漏洞的补丁程序,其中高危漏洞5个,中危漏洞2个,低危漏洞1个。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Microsoft SPNEGO Extended Negotiation 安全漏洞 | CNNVD-202209-818 | CVE-2022-37958 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958 |
2 | Microsoft Windows Kerberos 安全漏洞 | CNNVD-202211-2288 | CVE-2022-37967 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967 |
3 | Microsoft Windows Active Directory 安全漏洞 | CNNVD-202210-594 | CVE-2022-38042 | 高危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38042 |
4 | Microsoft Exchange Server 安全漏洞 | CNNVD-202211-2394 | CVE-2022-41078 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078 |
5 | Microsoft Exchange Server 安全漏洞 | CNNVD-202211-2380 | CVE-2022-41079 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079 |
6 | Microsoft Windows Defender 安全漏洞 | CNNVD-202208-2556 | CVE-2022-34704 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34704 |
7 | Microsoft Windows Portable Device Enumerator Service 安全漏洞 | CNNVD-202210-458 | CVE-2022-38032 | 中危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38032 |
8 | Microsoft Office 安全漏洞 | CNNVD-202210-403 | CVE-2022-41043 | 低危 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41043 |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
通讯地址:北京市海淀区海淀南路甲21号中关村知识产权大厦A座2层206、207室 邮政编码:100080
电话:010-62565314 刘莉 京ICP证16064523号-2 版权所有:北京软件和信息服务业协会
技术支持:中科服 内容支持:鑫网安