漏洞概要
2024年10月9日(北京时间),微软发布了2024 年 10月安全更新,共发布了121个CVE的补丁程序,同比上月增加了42个。
在漏洞安全等级方面,存在3个标记等级为“Critical”的漏洞,116个漏洞被标记为“Important/High”等级的漏洞; 在漏洞类型方面,主要有46个远程代码执行漏洞,28个权限提升漏洞以及6个信息泄露漏洞。
重要漏洞分析
漏洞分析
Microsoft 管理控制台远程代码执行漏洞 CVE-2024-43572
Microsoft管理控制台(MMC)用于创建、保存和打开管理工具,进而管理Microsoft Windows 操作系统的硬件、软件和网络组件。
其中存在远程执行代码漏洞,攻击者可以利用该漏洞在目标系统执行任意代码。该漏洞存在在野利用,经过评估,危害比较大,我们建议用户及时更新微软安全补丁。
Windows MSHTML 平台欺骗漏洞 CVE-2024-43573
排版引擎是一种软件组件,负责获取标记式内容(如HTML、XML及图像文件等等)、整理信息(如CSS及XSL等),并将排版后的内容输出至显示器或打印机。MSHTML是微软的Windows搭载的网页浏览器—Internet Explorer的排版引擎的名称。
其中存在欺骗漏洞,攻击者可以利用该漏洞通过发送误导性的数据使系统将攻击者认证为其他用户,从而获取非法信息。该漏洞经过评估,危害比较大,且存在在野利用,我们建议用户及时更新微软安全补丁。
影响范围
漏洞名称、CVE编号 | 受影响版本 |
Microsoft 管理控制台远程代码执行漏洞 CVE-2024-43572 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows 11 version 21H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
Windows MSHTML 平台欺骗漏洞 CVE-2024-43573 | Windows Server 2012 R2 Windows Server 2016 (Server Core installation) Windows 10 Version 1607 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows 10 for x64-based Systems Windows 10 Version 1607 for x64-based Systems Windows Server 2016 Windows 10 for 32-bit Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 11 Version 24H2 for x64-based Systems Windows Server 2019 (Server Core installation) Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2019 Windows 10 Version 21H2 for ARM64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 21H2 for x64-based Systems Windows 11 Version 23H2 for x64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows Server 2022 Windows 10 Version 22H2 for ARM64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems |
官方修复建议
微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁。
- 上一篇:没有了
- 下一篇:Redis 缓冲区溢出漏洞(CVE-2024-31449)