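Microsoft recently published security advisories for multiple vulnerabilities, of which 66 are in Microsoft's own products and 2 are vulnerabilities from other vendors that affect Microsoft products. They include the Microsoft Visual Studio security vulnerability (CNNVD-202405-1901, CVE-2024-32002) and the Microsoft Windows Task Scheduler link following vulnerability (CNNVD-202405-1984, CVE-2024-26238), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible.
I. Vulnerability Overview
On May 14, 2024, Microsoft released its May 2024 security update, with patches for 68 vulnerabilities in total, all of which CNNVD has recorded. This update mainly covers Microsoft Windows and Windows components, Microsoft SharePoint, Microsoft Visual Studio, .NET and Visual Studio, Microsoft Windows Remote Access Connection Manager, Microsoft Win32k, and others. CNNVD has rated their severity: 1 critical, 35 high, and 32 medium. Multiple versions of Microsoft products and systems are affected; the specific scope can be checked on Microsoft's official website: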
https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Vulnerability Details
This update includes patches for 61 newly added vulnerabilities: 1 critical, 34 high, and 26 medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Visual Studio security vulnerability | CNNVD-202405-1901 | CVE-2024-32002 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32002 |
| 2 | Microsoft Windows Task Scheduler link following vulnerability | CNNVD-202405-1984 | CVE-2024-26238 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26238 |
| 3 | Microsoft Windows SCSI Class System File buffer error vulnerability | CNNVD-202405-1981 | CVE-2024-29994 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29994 |
| 4 | Microsoft Windows Common Log File System Driver buffer error vulnerability | CNNVD-202405-1980 | CVE-2024-29996 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29996 |
| 5 | Microsoft OLE DB Provider for SQL Server resource management error vulnerability | CNNVD-202405-1970 | CVE-2024-30006 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30006 |
| 6 | Microsoft Brokering File System security vulnerability | CNNVD-202405-1969 | CVE-2024-30007 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30007 |
| 7 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1967 | CVE-2024-30009 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30009 |
| 8 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202405-1966 | CVE-2024-30010 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30010 |
| 9 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1963 | CVE-2024-30014 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30014 |
| 10 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1962 | CVE-2024-30015 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30015 |
| 11 | Microsoft Windows Hyper-V security vulnerability | CNNVD-202405-1961 | CVE-2024-30017 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30017 |
| 12 | Microsoft Windows Kernel link following vulnerability | CNNVD-202405-1958 | CVE-2024-30018 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30018 |
| 13 | Microsoft Windows Cryptographic Services security vulnerability | CNNVD-202405-1959 | CVE-2024-30020 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30020 |
| 14 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1955 | CVE-2024-30022 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30022 |
| 15 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1954 | CVE-2024-30023 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30023 |
| 16 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1953 | CVE-2024-30024 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30024 |
| 17 | Microsoft Windows Common Log File System Driver buffer error vulnerability | CNNVD-202405-1951 | CVE-2024-30025 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30025 |
| 18 | Microsoft Windows NTFS resource management error vulnerability | CNNVD-202405-1952 | CVE-2024-30027 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30027 |
| 19 | Microsoft Win32k resource management error vulnerability | CNNVD-202405-1950 | CVE-2024-30028 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30028 |
| 20 | Microsoft Windows Routing and Remote Access Service security vulnerability | CNNVD-202405-1949 | CVE-2024-30029 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30029 |
| 21 | Microsoft Win32k code issue vulnerability | CNNVD-202405-1948 | CVE-2024-30030 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30030 |
| 22 | Microsoft Windows CNG Key Isolation Service resource management error vulnerability | CNNVD-202405-1947 | CVE-2024-30031 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30031 |
| 23 | Microsoft Windows DWM Core Library resource management error vulnerability | CNNVD-202405-1946 | CVE-2024-30032 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30032 |
| 24 | Microsoft Windows Search Component link following vulnerability | CNNVD-202405-1945 | CVE-2024-30033 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30033 |
| 25 | Microsoft Windows DWM Core Library resource management error vulnerability | CNNVD-202405-1942 | CVE-2024-30035 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30035 |
| 26 | Microsoft Windows Common Log File System Driver buffer error vulnerability | CNNVD-202405-1940 | CVE-2024-30037 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30037 |
| 27 | Microsoft Win32K security vulnerability | CNNVD-202405-1941 | CVE-2024-30038 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30038 |
| 28 | Microsoft Windows MSHTML Platform input validation error vulnerability | CNNVD-202405-1938 | CVE-2024-30040 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040 |
| 29 | Microsoft Excel code issue vulnerability | CNNVD-202405-1936 | CVE-2024-30042 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30042 |
| 30 | Microsoft SharePoint code issue vulnerability | CNNVD-202405-1933 | CVE-2024-30044 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 |
| 31 | Microsoft Dynamics 365 Customer Insights cross-site scripting vulnerability | CNNVD-202405-1930 | CVE-2024-30047 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30047 |
| 32 | Microsoft Dynamics 365 Customer Insights cross-site scripting vulnerability | CNNVD-202405-1929 | CVE-2024-30048 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30048 |
| 33 | Microsoft Win32K resource management error vulnerability | CNNVD-202405-1928 | CVE-2024-30049 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30049 |
| 34 | Microsoft Windows DWM Core Library security vulnerability | CNNVD-202405-2412 | CVE-2024-30051 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051 |
| 35 | Microsoft Visual Studio security vulnerability | CNNVD-202405-1905 | CVE-2024-32004 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32004 |
| 36 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1979 | CVE-2024-29997 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29997 |
| 37 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1978 | CVE-2024-29998 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29998 |
| 38 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1977 | CVE-2024-29999 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29999 |
| 39 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1976 | CVE-2024-30000 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30000 |
| 40 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1975 | CVE-2024-30001 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30001 |
| 41 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1974 | CVE-2024-30002 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30002 |
| 42 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1973 | CVE-2024-30003 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30003 |
| 43 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1972 | CVE-2024-30004 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30004 |
| 44 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1971 | CVE-2024-30005 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30005 |
| 45 | Microsoft Windows DWM Core Library numeric error vulnerability | CNNVD-202405-1968 | CVE-2024-30008 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30008 |
| 46 | Microsoft Windows Hyper-V numeric error vulnerability | CNNVD-202405-1965 | CVE-2024-30011 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30011 |
| 47 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1964 | CVE-2024-30012 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30012 |
| 48 | Microsoft Windows Cryptographic Services buffer error vulnerability | CNNVD-202405-1960 | CVE-2024-30016 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30016 |
| 49 | Microsoft Windows resource management error vulnerability | CNNVD-202405-1957 | CVE-2024-30019 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30019 |
| 50 | Microsoft Windows Mobile Broadband input validation error vulnerability | CNNVD-202405-1956 | CVE-2024-30021 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30021 |
| 51 | Microsoft Windows Cloud Files Mini Filter Driver security vulnerability | CNNVD-202405-1944 | CVE-2024-30034 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034 |
| 52 | Microsoft Windows Deployment Services security vulnerability | CNNVD-202405-1943 | CVE-2024-30036 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30036 |
| 53 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202405-1939 | CVE-2024-30039 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039 |
| 54 | Microsoft Bing security vulnerability | CNNVD-202405-1937 | CVE-2024-30041 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30041 |
| 55 | Microsoft SharePoint code issue vulnerability | CNNVD-202405-1934 | CVE-2024-30043 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043 |
| 56 | .NET and Visual Studio security vulnerability | CNNVD-202405-1932 | CVE-2024-30045 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045 |
| 57 | Microsoft Visual Studio race condition vulnerability | CNNVD-202405-1931 | CVE-2024-30046 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 |
| 58 | Microsoft Windows security vulnerability | CNNVD-202405-1926 | CVE-2024-30050 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30050 |
| 59 | Microsoft Azure Migrate cross-site scripting vulnerability | CNNVD-202405-2297 | CVE-2024-30053 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30053 |
| 60 | Microsoft Power BI input validation error vulnerability | CNNVD-202405-2120 | CVE-2024-30054 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30054 |
| 61 | Microsoft Intune access control error vulnerability | CNNVD-202405-1935 | CVE-2024-30059 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30059 |
This update includes patches for 5 updated vulnerabilities: 1 high and 4 medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
| --- | --- | --- | --- | --- | --- |
| 1 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202404-1180 | CVE-2024-26211 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26211 |
| 2 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202404-1184 | CVE-2024-26207 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26207 |
| 3 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202404-1179 | CVE-2024-26217 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26217 |
| 4 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202404-1135 | CVE-2024-28900 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28900 |
| 5 | Microsoft Windows Remote Access Connection Manager security vulnerability | CNNVD-202404-1133 | CVE-2024-28902 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28902 |
This update includes patches for 2 vulnerabilities from other vendors that affect Microsoft products, of which 2 are medium.
| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Lenovo PC security vulnerability | CNNVD-202404-1383 | CVE-2024-23593 | Medium | Lenovo | https://support.lenovo.com/us/en/product_security/LEN-132277 |
| 2 | Google Chrome security vulnerability | CNNVD-202405-1870 | CVE-2024-4761 | Medium | | https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html |
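III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to promptly confirm whether they are affected and apply the fixes as soon as possible. Microsoft's official patch download address: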
https://msrc.microsoft.com/update-guide/en-us
CNNVD will continue to track these vulnerabilities and publish related information in a timely manner. If needed, contact CNNVD at: cnnvdvul@itsec.gov.cn