网络通知


    近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞75个,影响到微软产品的其他厂商漏洞1个。微软Microsoft WindowsMicrosoft Windows Kernel Mode DriversMicrosoft DNS ServerMicrosoft Windows IP Routing Management Snapin等多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

    一、 漏洞介绍

    20241210日,微软发布了202412月份安全更新,共76个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows  Windows 组件、Microsoft Windows Kernel Mode DriversMicrosoft DNS ServerMicrosoft Windows IP Routing Management SnapinMicrosoft Windows Routing and Remote Access ServiceMicrosoft Windows Resilient File System等。CNNVD对其危害等级进行了评价,其中超危漏洞1个,高危漏洞35个,中危漏洞40个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:

    https://portal.msrc.microsoft.com/zh-cn/security-guidance

    二、漏洞详情

    此次更新共76个漏洞的补丁程序,包括71个新增漏洞的补丁程序、4个更新漏洞的补丁程序和1个影响微软产品的其他厂商漏洞的补丁程序。

      此次更新共包括71个新增漏洞的补丁程序,其中超危漏洞1个,高危漏洞30个,中危漏洞40个。

     

    序号

    漏洞名称

    CNNVD编号

    CVE编号

    危害等级

    官方链接

    1

    Microsoft Lightweight Directory Access Protocol 安全漏洞

    CNNVD-202412-1333

    CVE-2024-49112

    超危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112

    2

    Microsoft Office 安全漏洞

    CNNVD-202412-1271

    CVE-2024-43600

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43600

    3

    Microsoft Windows Task Scheduler 安全漏洞

    CNNVD-202412-1284

    CVE-2024-49072

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49072

    4

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1288

    CVE-2024-49075

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075

    5

    Microsoft Input Method Editor 安全漏洞

    CNNVD-202412-1301

    CVE-2024-49079

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079

    6

    Microsoft Windows IP Routing Management Snapin 安全漏洞

    CNNVD-202412-1306

    CVE-2024-49080

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080

    7

    Microsoft Windows Kernel 安全漏洞

    CNNVD-202412-1158

    CVE-2024-49084

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084

    8

    Microsoft Windows Common Log File System Driver 安全漏洞

    CNNVD-202412-1315

    CVE-2024-49088

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088

    9

    Microsoft Windows PrintWorkflowUserSvc 安全漏洞

    CNNVD-202412-1323

    CVE-2024-49095

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49095

    10

    Microsoft Message Queuing 安全漏洞

    CNNVD-202412-1189

    CVE-2024-49096

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49096

    11

    Microsoft Windows PrintWorkflowUserSvc 安全漏洞

    CNNVD-202412-1192

    CVE-2024-49097

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49097

    12

    Microsoft Windows Routing and Remote Access Service 安全漏洞

    CNNVD-202412-1207

    CVE-2024-49102

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102

    13

    Microsoft Remote Desktop Client 安全漏洞

    CNNVD-202412-1362

    CVE-2024-49105

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105

    14

    Microsoft WmsRepair Service 安全漏洞

    CNNVD-202412-1220

    CVE-2024-49107

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49107

    15

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1223

    CVE-2024-49108

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108

    16

    Microsoft Lightweight Directory Access Protocol 安全漏洞

    CNNVD-202412-1336

    CVE-2024-49113

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113

    17

    Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞

    CNNVD-202412-1340

    CVE-2024-49114

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114

    18

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1342

    CVE-2024-49116

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116

    19

    Microsoft Message Queuing 安全漏洞

    CNNVD-202412-1345

    CVE-2024-49118

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49118

    20

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1236

    CVE-2024-49119

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49119

    21

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1238

    CVE-2024-49120

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49120

    22

    Microsoft Lightweight Directory Access Protocol 安全漏洞

    CNNVD-202412-1241

    CVE-2024-49121

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121

    23

    Microsoft Message Queuing 安全漏洞

    CNNVD-202412-1246

    CVE-2024-49122

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49122

    24

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1244

    CVE-2024-49123

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49123

    25

    Microsoft Lightweight Directory Access Protocol 安全漏洞

    CNNVD-202412-1250

    CVE-2024-49124

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49124

    26

    Microsoft Windows Routing and Remote Access Service 安全漏洞

    CNNVD-202412-1252

    CVE-2024-49125

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49125

    27

    Microsoft Lightweight Directory Access Protocol 安全漏洞

    CNNVD-202412-1349

    CVE-2024-49127

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127

    28

    Microsoft Windows Remote Desktop Gateway 安全漏洞

    CNNVD-202412-1260

    CVE-2024-49129

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49129

    29

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1261

    CVE-2024-49132

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49132

    30

    Microsoft Windows Common Log File System Driver 安全漏洞

    CNNVD-202412-1357

    CVE-2024-49138

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138

    31

    Microsoft Office 安全漏洞

    CNNVD-202412-1266

    CVE-2024-49142

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49142

    32

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1294

    CVE-2024-49077

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49077

    33

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1307

    CVE-2024-49081

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49081

    34

    Microsoft Windows File Explorer 安全漏洞

    CNNVD-202412-1310

    CVE-2024-49082

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082

    35

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1317

    CVE-2024-49083

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49083

    36

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1200

    CVE-2024-49099

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49099

    37

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1203

    CVE-2024-49101

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49101

    38

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1327

    CVE-2024-49109

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109

    39

    Microsoft System Center Operations Manager 安全漏洞

    CNNVD-202412-1187

    CVE-2024-43594

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594

    40

    Microsoft Defender 安全漏洞

    CNNVD-202412-1131

    CVE-2024-49057

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49057

    41

    Microsoft Office 安全漏洞

    CNNVD-202412-1133

    CVE-2024-49059

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059

    42

    Microsoft Office Sharepoint Server 安全漏洞

    CNNVD-202412-1276

    CVE-2024-49062

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062

    43

    Microsoft Muzic 安全漏洞

    CNNVD-202412-1278

    CVE-2024-49063

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49063

    44

    Microsoft SharePoint 安全漏洞

    CNNVD-202412-1138

    CVE-2024-49064

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064

    45

    Microsoft Office 安全漏洞

    CNNVD-202412-1280

    CVE-2024-49065

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065

    46

    Microsoft SharePoint 安全漏洞

    CNNVD-202412-1140

    CVE-2024-49068

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068

    47

    Microsoft Excel 安全漏洞

    CNNVD-202412-1145

    CVE-2024-49069

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069

    48

    Microsoft SharePoint 安全漏洞

    CNNVD-202412-1147

    CVE-2024-49070

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070

    49

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1152

    CVE-2024-49073

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49073

    50

    Microsoft Windows Kernel Mode Drivers 安全漏洞

    CNNVD-202412-1154

    CVE-2024-49074

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49074

    51

    Microsoft Windows Virtualization-Based Security (VBS) Enclave 安全漏洞

    CNNVD-202412-1290

    CVE-2024-49076

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076

    52

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1298

    CVE-2024-49078

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49078

    53

    Microsoft Windows Routing and Remote Access Service 安全漏洞

    CNNVD-202412-1162

    CVE-2024-49085

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49085

    54

    Microsoft Windows Routing and Remote Access Service 安全漏洞

    CNNVD-202412-1165

    CVE-2024-49086

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086

    55

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1168

    CVE-2024-49087

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49087

    56

    Microsoft Windows Routing and Remote Access Service 安全漏洞

    CNNVD-202412-1172

    CVE-2024-49089

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49089

    57

    Microsoft Windows Common Log File System Driver 安全漏洞

    CNNVD-202412-1320

    CVE-2024-49090

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49090

    58

    Microsoft DNS Server 安全漏洞

    CNNVD-202412-1174

    CVE-2024-49091

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49091

    59

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1179

    CVE-2024-49092

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49092

    60

    Microsoft Windows Resilient File System 安全漏洞

    CNNVD-202412-1181

    CVE-2024-49093

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49093

    61

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1184

    CVE-2024-49094

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094

    62

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1197

    CVE-2024-49098

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098

    63

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1212

    CVE-2024-49103

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49103

    64

    Microsoft Windows Routing and Remote Access Service 安全漏洞

    CNNVD-202412-1214

    CVE-2024-49104

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104

    65

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1217

    CVE-2024-49106

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49106

    66

    Microsoft Windows Mobile Broadband Driver 安全漏洞

    CNNVD-202412-1330

    CVE-2024-49110

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49110

    67

    Microsoft Windows Wireless Wide Area Network Service 安全漏洞

    CNNVD-202412-1227

    CVE-2024-49111

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49111

    68

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1229

    CVE-2024-49115

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115

    69

    Microsoft Hyper-V 安全漏洞

    CNNVD-202412-1232

    CVE-2024-49117

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49117

    70

    Microsoft Windows Local Security Authority Subsystem Service 安全漏洞

    CNNVD-202412-1256

    CVE-2024-49126

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49126

    71

    Microsoft Windows Remote Desktop Services 安全漏洞

    CNNVD-202412-1354

    CVE-2024-49128

    中危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128

      此次更新共包括4个更新漏洞的补丁程序,其中高危漏洞4个。

     

    序号

    漏洞名称

    CNNVD编号

    CVE编号

    危害等级

    官方链接

    1

    Microsoft QUIC 安全漏洞

    CNNVD-202310-806

    CVE-2023-36435

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435

    2

    Microsoft QUIC 安全漏洞

    CNNVD-202310-726

    CVE-2023-38171

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171

    3

    Microsoft Windows PowerShell 安全漏洞

    CNNVD-202407-770

    CVE-2024-38033

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38033

    4

    Microsoft Winlogon 安全漏洞

    CNNVD-202410-755

    CVE-2024-43583

    高危

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583

      此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞1个。

     

    序号

    漏洞名称

    CNNVD编号

    CVE编号

    危害等级

    厂商

    官方链接

    1

    Apache HTTP/2 资源管理错误漏洞

    CNNVD-202310-667

    CVE-2023-44487

    高危

    Apache基金会

    https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

     

    三、修复建议

    目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:

    https://msrc.microsoft.com/update-guide/en-us


浏览量: 908