政府電腦保安事故協調中心 - 高危保安警報 (A24-04-07): Microsoft 產品多個漏洞 (2024年4月)

描述:

Microsoft 發布了安全性更新，以應對影響數個 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址：
https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr

有報告指 Microsoft Windows 及 Server 的漏洞 (CVE-2024-26234 及 CVE-2024-29988) 正受到攻擊。系統管理員及用戶應立即為受影響的系統安裝修補程式，以減低受到網絡攻擊的風險。

受影響的系統:

Microsoft Windows 10, 11
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
Microsoft Outlook for Windows
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise
Microsoft SharePoint Server 2016, 2019, Subscription Edition
Microsoft Visual Studio 2019, 2022
Microsoft .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET 6.0, 7.0, 8.0
Microsoft SQL Server 2019, 2022
Microsoft ODBC Driver 17, 18 for SQL Server
Microsoft OLE DB Driver 18, 19 for SQL Server
Microsoft Defender for IoT
Azure AI Search
Azure Compute Gallery
Azure CycleCloud 8.6.0
Azure Identity Library for .NET
Azure Kubernetes Service Confidential Containers
Azure Migrate
Azure Monitor Agent
Azure Private 5G Core
Azure Arc Cluster Extensions

microsoft.azstackhci.operator
microsoft.azure.hybridnetwork
microsoft.azurekeyvaultsecretsprovider
microsoft.iotoperations.mq
microsoft.networkfabricserviceextension
microsoft.openservicemesh
microsoft.videoindexer

影響:

成功利用漏洞可以在受影響的系統導致遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安功能或仿冒詐騙。

建議:

受影響系統的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的系統管理員及用戶應遵從供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr
https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-april-2024
https://www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20669 (to CVE-2024-20670)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20685
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20688 (to CVE-2024-20689)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21322 (to CVE-2024-21324)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23593 (to CVE-2024-23594)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26171 (to CVE-2024-26172)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26179 (to CVE-2024-26180)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26193 (to CVE-2024-26195)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26207 (to CVE-2024-26224)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26226 (to CVE-2024-26237)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26239 (to CVE-2024-26245)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26250 (to CVE-2024-26257)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28896 (to CVE-2024-28898)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28900 (to CVE-2024-28915)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28917
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28919 (to CVE-2024-28927)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28929 (to CVE-2024-28945)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29043 (to CVE-2024-29048)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29052 (to CVE-2024-29056)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29061 (to CVE-2024-29064)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29982 (to CVE-2024-29985)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29988 (to CVE-2024-29990)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29992 (to CVE-2024-29993)

標籤 : Microsoft , Windows , Windows Server , Outlook , Microsoft Office , Microsoft 365 Apps , SharePoint , Visual Studio , .NET Framework , .NET , SQL Server , Microsoft Defender , Microsoft Azure