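Vulnerability Summary
On July 10, 2024 (Beijing time), Microsoft released its July 2024 security updates, with patches for 141 CVEs, 83 more than the previous month.
By severity, 5 vulnerabilities are rated "Critical" and 133 are rated "Important/High". By type, the main categories are 59 remote code execution vulnerabilities, 26 elevation of privilege vulnerabilities and 8 information disclosure vulnerabilities.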
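Analysis of Key Vulnerabilities
Windows Hyper-V Elevation of Privilege Vulnerability CVE-2024-38080
Hyper-V, codenamed Viridian and formerly known as Windows Server Virtualization, is Microsoft's native hypervisor. It can create virtual machines on x86-64 systems running Windows.
It contains an elevation of privilege vulnerability that an attacker can exploit to gain SYSTEM privileges on the target system. This vulnerability is being exploited in the wild and has been assessed as high-impact; we recommend that users install Microsoft's security patches promptly.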
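Windows MSHTML Platform Spoofing Vulnerability CVE-2024-38112
A layout engine is a software component that takes marked-up content (such as HTML, XML and image files), organizes formatting information (such as CSS and XSL), and outputs the formatted content to a display or printer. MSHTML is the name of the layout engine of Internet Explorer, the web browser that ships with Microsoft Windows.
It contains a spoofing vulnerability. The attacker must trick the victim into executing a malicious file, which harms the confidentiality, integrity and availability of the victim's machine. This vulnerability is being exploited in the wild and has been assessed as high-impact; we recommend that users install Microsoft's security patches promptly.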
Scope of Impact
Affected versions
Windows Server 2022, 23H2 Edition (Server Core installation); Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows 11 version 21H2 for x64-based Systems; Windows Server 2022 (Server Core installation); Windows Server 2022
Windows 10 Version 1809 for 32-bit Systems; Windows Server 2019; Windows 11 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows Server 2022; Windows 11 version 21H2 for x64-based Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows Server 2019 (Server Core installation); Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 10 Version 1809 for ARM64-based Systems; Windows Server 2016 (Server Core installation); Windows 10 Version 21H2 for 32-bit Systems; Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 10 for 32-bit Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows Server 2022, 23H2 Edition (Server Core installation); Windows Server 2022 (Server Core installation); Windows 10 Version 21H2 for ARM64-based Systems; Windows Server 2012 R2 (Server Core installation); Windows 10 Version 22H2 for 32-bit Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows Server 2012 R2
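Official Remediation Advice
Microsoft has released security patches for the affected software. Users can download and install the patch that corresponds to their system version.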