政府电脑保安事故协调中心 - 高危保安警报 (A24-04-07): Microsoft 产品多个漏洞 (2024年4月)

描述:

Microsoft 发布了安全性更新，以应对影响数个 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址：
https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr

有报告指 Microsoft Windows 及 Server 的漏洞 (CVE-2024-26234 及 CVE-2024-29988) 正受到攻击。系统管理员及用户应立即为受影响的系统安装修补程式，以减低受到网络攻击的风险。

受影响的系统:

Microsoft Windows 10, 11
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
Microsoft Outlook for Windows
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise
Microsoft SharePoint Server 2016, 2019, Subscription Edition
Microsoft Visual Studio 2019, 2022
Microsoft .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET 6.0, 7.0, 8.0
Microsoft SQL Server 2019, 2022
Microsoft ODBC Driver 17, 18 for SQL Server
Microsoft OLE DB Driver 18, 19 for SQL Server
Microsoft Defender for IoT
Azure AI Search
Azure Compute Gallery
Azure CycleCloud 8.6.0
Azure Identity Library for .NET
Azure Kubernetes Service Confidential Containers
Azure Migrate
Azure Monitor Agent
Azure Private 5G Core
Azure Arc Cluster Extensions

microsoft.azstackhci.operator
microsoft.azure.hybridnetwork
microsoft.azurekeyvaultsecretsprovider
microsoft.iotoperations.mq
microsoft.networkfabricserviceextension
microsoft.openservicemesh
microsoft.videoindexer

影响:

成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安功能或仿冒诈骗。

建议:

受影响系统的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的系统管理员及用户应遵从供应商的建议，立即採取行动以降低风险。

进一步资讯:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr
https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-april-2024
https://www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20669 (to CVE-2024-20670)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20688 (to CVE-2024-20689)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21322 (to CVE-2024-21324)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23593 (to CVE-2024-23594)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26171 (to CVE-2024-26172)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26179 (to CVE-2024-26180)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26193 (to CVE-2024-26195)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26207 (to CVE-2024-26224)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26226 (to CVE-2024-26237)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26239 (to CVE-2024-26245)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26250 (to CVE-2024-26257)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28896 (to CVE-2024-28898)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28900 (to CVE-2024-28915)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28919 (to CVE-2024-28927)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28929 (to CVE-2024-28945)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29043 (to CVE-2024-29048)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29052 (to CVE-2024-29056)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29061 (to CVE-2024-29064)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29982 (to CVE-2024-29985)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29988 (to CVE-2024-29990)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29992 (to CVE-2024-29993)

标签 : Microsoft , Windows , Windows Server , Outlook , Microsoft Office , Microsoft 365 Apps , SharePoint , Visual Studio , .NET Framework , .NET , SQL Server , Microsoft Defender , Microsoft Azure