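Vulnerability Summary
On August 13, 2025 (Beijing time), Microsoft released its August 2025 security updates, with patches for 107 CVEs, 33 fewer than the previous month.
By severity, 12 vulnerabilities are rated "Critical" and 92 are rated "Important/High". By type, the main categories are 35 remote code execution vulnerabilities, 42 elevation of privilege vulnerabilities, and 16 information disclosure vulnerabilities.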
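Analysis of Important Vulnerabilities
Vulnerability Analysis
GDI+ Remote Code Execution Vulnerability CVE-2025-53766
Windows GDI+ is a graphics programming interface that Microsoft introduced in Windows XP and Windows Server 2003 to replace and extend the traditional GDI.
Its main purpose is to give applications richer, more modern 2D graphics capabilities and to simplify graphics programming.
It contains a remote code execution vulnerability that an attacker can exploit to execute arbitrary code on the target system. We assess the impact as relatively severe and recommend that users install the Microsoft security patches promptly.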
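Windows NTLM Elevation of Privilege Vulnerability CVE-2025-53778
Windows NTLM is an authentication protocol developed by Microsoft, used mainly in Windows environments to verify user identity, protect data integrity, and, to a limited extent, encrypt data in transit.
It contains an elevation of privilege vulnerability that an attacker can exploit to gain higher privileges on the target system. We assess the impact as relatively severe and recommend that users install the Microsoft security patches promptly.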
Affected Scope
Vulnerability name and CVE ID | Affected versions |
GDI+ Remote Code Execution Vulnerability CVE-2025-53766 | Windows Server 2025 (Server Core installation); Windows Server 2025; Windows Server 2022, 23H2 Edition (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Microsoft Office for Universal; Microsoft Office for Android |
Windows NTLM Elevation of Privilege Vulnerability CVE-2025-53778 | Windows Server 2025 (Server Core installation); Windows Server 2025; Windows Server 2022, 23H2 Edition (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems |
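Official Remediation Advice
Microsoft has released security patches for the affected software. Users can download and install the patch that corresponds to their system version.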