政府電腦保安事故協調中心 - 高危保安警報 (A24-07-05): Microsoft 產品多個漏洞 (2024年7月)

描述:

Microsoft 發布了安全性更新，以應對影響數個 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址：
https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul

有報告指 Microsoft Windows 及 Server 的多個漏洞 (CVE-2024-38080 及 CVE-2024-38112) 正受到攻擊，而 Microsoft Windows、Visual Studio 及 .NET 的技術詳情已被公開。另外，多個遠端執行程式碼漏洞 (CVE-2024-38023、CVE-2024-38060、CVE-2024-38074、CVE-2024-38076 及 CVE-2024-38077) 亦正處於被攻擊的高風險。系統管理員及用戶應立即為受影響的系統安裝修補程式，以減低受到網絡攻擊的風險。

受影響的系統:

Microsoft Windows 10, 11
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition
Microsoft Office 2016, 2019, LTSC 2021
Microsoft Outlook 2016
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019, Subscription Edition
Microsoft Visual Studio 2022
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
.NET 8.0
Microsoft SQL Server 2016, 2017, 2019, 2022
Microsoft OLE DB Driver 18, 19 for SQL Server
Microsoft Defender for IoT
Microsoft 365 Apps for Enterprise
Azure CycleCloud
Azure DevOps Server 2022
Azure Kinect SDK
Azure Network Watcher VM Extension for Windows

影響:

成功利用漏洞可以在受影響的系統導致遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安功能或仿冒詐騙。

建議:

受影響系統的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的系統管理員及用戶應遵從供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-july-2024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21331 (to CVE-2024-21333)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21373
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21414 (to CVE-2024-21415)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21428
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35266 (to CVE-2024-35267)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35270 (to CVE-2024-35272)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37318 (to CVE-2024-37324)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37326 (to CVE-2024-37334)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37336
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37969 (to CVE-2024-37975)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37977 (to CVE-2024-37978)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37984 (to CVE-2024-37989)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38010 (to CVE-2024-38011)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38019 (to CVE-2024-38025)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38027 (to CVE-2024-38028)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38030 (to CVE-2024-38034)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38043 (to CVE-2024-38044)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38047 (to CVE-2024-38062)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38064 (to CVE-2024-38074)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38076 (to CVE-2024-38081)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38085 (to CVE-2024-38089)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38091 (to CVE-2024-38092)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38094 (to CVE-2024-38095)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38099 (to CVE-2024-38102)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38104 (to CVE-2024-38105)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39684

標籤 : Microsoft , Windows , Windows Server , Microsoft Office , Outlook , SharePoint , Visual Studio , Dynamics 365 , .NET Framework , .NET , SQL Server , Microsoft Defender , Microsoft 365 Apps , Microsoft Azure