描述:
Microsoft 发布了安全性更新以应对数个影响 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表,请参考以下网址:
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-May
有报告指在 Microsoft Windows 10 及部分 Windows Server 版本的远端执行程式码漏洞有可能被攻击。系统管理员应立即为受影响的系统安装修补程式,以减低受到网络攻击的风险。
受影响的系统:
- Microsoft Internet Explorer 9, 11
- Microsoft Windows 7, 8.1, RT 8.1, 10
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
- Microsoft Windows Server, version 1909, version 2004, version 20H2
- Microsoft Office 2013, 2013 RT, 2016, 2019, 2019 for Mac
- Microsoft Office Online Server
- Microsoft Office Web Apps Server 2013
- Microsoft Excel 2013, 2013 RT, 2016
- Microsoft Word 2013, 2013 RT, 2016
- Microsoft 365 Apps for Enterprise
- Microsoft Exchange Server 2013, 2016, 2019
- Microsoft Accessibility Insights for Web
- Microsoft SharePoint Foundation 2013
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
- Microsoft Visual Studio 2019
- .NET 5.0, Core 3.1
- Dynamics 365 for Finance and Operations
- Microsoft Lync Server 2013
- Skype for Business Server 2015, 2019
- Visual Studio 2019 for Mac version 8.9
- Visual Studio Code, Remote - Containers Extension
- Web Media Extensions
- common_utils.py (Neural Network Intelligence)
影响:
成功利用这些漏洞可以导致远端执行程式码、权限提升、泄漏资讯、服务受阻断、绕过保安功能及仿冒诈骗,视乎攻击者利用哪个漏洞而定。
建议:
受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议,立即采取行动以降低风险。
进一步信息:
- https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-May
- https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-may
- https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/microsoft-releases-may-2021-security-updates
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27068
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28455
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28461
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31165 (to CVE-2021-31182)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31184 (to CVE-2021-31188)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31190 (to CVE-2021-31195)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31200
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31204
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31207 (to CVE-2021-31209)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31211
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31936