政府电脑保安事故协调中心 - 高危保安警报 (A24-07-05): Microsoft 产品多个漏洞 (2024年7月)

描述:

Microsoft 发布了安全性更新，以应对影响数个 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址：
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

有报告指 Microsoft Windows 及 Server 的多个漏洞 (CVE-2024-38080 及 CVE-2024-38112) 正受到攻击，而 Microsoft Windows、Visual Studio 及 .NET 的技术详情已被公开。另外，多个远端执行程式码漏洞 (CVE-2024-38023、CVE-2024-38060、CVE-2024-38074、CVE-2024-38076 及 CVE-2024-38077) 亦正处于被攻击的高风险。系统管理员及用户应立即为受影响的系统安装修补程式，以减低受到网络攻击的风险。

受影响的系统:

Microsoft Windows 10, 11
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
Microsoft Office 2016, 2019, LTSC 2021
Microsoft Outlook 2016
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019, Subscription Edition
Microsoft Visual Studio 2022
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET 8.0
Microsoft SQL Server 2016, 2017, 2019, 2022
Microsoft OLE DB Driver 18, 19 for SQL Server
Microsoft Defender for IoT
Microsoft 365 Apps for Enterprise
Azure CycleCloud
Azure DevOps Server 2022
Azure Kinect SDK
Azure Network Watcher VM Extension for Windows

影响:

成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安功能或仿冒诈骗。

建议:

受影响系统的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的系统管理员及用户应遵从供应商的建议，立即採取行动以降低风险。

进一步资讯:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-july-2024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21331 (to CVE-2024-21333)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21414 (to CVE-2024-21415)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35266 (to CVE-2024-35267)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35270 (to CVE-2024-35272)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37318 (to CVE-2024-37324)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37326 (to CVE-2024-37334)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37969 (to CVE-2024-37975)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37977 (to CVE-2024-37978)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37984 (to CVE-2024-37989)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38010 (to CVE-2024-38011)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38019 (to CVE-2024-38025)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38027 (to CVE-2024-38028)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38030 (to CVE-2024-38034)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38043 (to CVE-2024-38044)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38047 (to CVE-2024-38062)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38064 (to CVE-2024-38074)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38076 (to CVE-2024-38081)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38085 (to CVE-2024-38089)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38091 (to CVE-2024-38092)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38094 (to CVE-2024-38095)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38099 (to CVE-2024-38102)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38104 (to CVE-2024-38105)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39684

标签 : Microsoft , Windows , Windows Server , Microsoft Office , Outlook , SharePoint , Visual Studio , Dynamics 365 , .NET Framework , .NET , SQL Server , Microsoft Defender , Microsoft 365 Apps , Microsoft Azure