近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞75个,影响到微软产品的其他厂商漏洞1个。微软Microsoft Windows、Microsoft Windows Kernel Mode Drivers、Microsoft DNS Server、Microsoft Windows IP Routing Management Snapin等多个产品和系统受漏洞影响。目前,微软官方已经发布了漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、 漏洞介绍
2024年12月10日,微软发布了2024年12月份安全更新,共76个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Microsoft Windows 和 Windows 组件、Microsoft Windows Kernel Mode Drivers、Microsoft DNS Server、Microsoft Windows IP Routing Management Snapin、Microsoft Windows Routing and Remote Access Service、Microsoft Windows Resilient File System等。CNNVD对其危害等级进行了评价,其中超危漏洞1个,高危漏洞35个,中危漏洞40个。微软多个产品和系统版本受漏洞影响,具体影响范围可访问微软官方网站查询:
https://portal.msrc.microsoft.com/zh-cn/security-guidance
二、漏洞详情
此次更新共76个漏洞的补丁程序,包括71个新增漏洞的补丁程序、4个更新漏洞的补丁程序和1个影响微软产品的其他厂商漏洞的补丁程序。
此次更新共包括71个新增漏洞的补丁程序,其中超危漏洞1个,高危漏洞30个,中危漏洞40个。
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
1 |
Microsoft Lightweight Directory Access Protocol 安全漏洞 |
CNNVD-202412-1333 |
CVE-2024-49112 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 |
2 |
Microsoft Office 安全漏洞 |
CNNVD-202412-1271 |
CVE-2024-43600 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43600 |
3 |
Microsoft Windows Task Scheduler 安全漏洞 |
CNNVD-202412-1284 |
CVE-2024-49072 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49072 |
4 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1288 |
CVE-2024-49075 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49075 |
5 |
Microsoft Input Method Editor 安全漏洞 |
CNNVD-202412-1301 |
CVE-2024-49079 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49079 |
6 |
Microsoft Windows IP Routing Management Snapin 安全漏洞 |
CNNVD-202412-1306 |
CVE-2024-49080 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49080 |
7 |
Microsoft Windows Kernel 安全漏洞 |
CNNVD-202412-1158 |
CVE-2024-49084 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49084 |
8 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202412-1315 |
CVE-2024-49088 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49088 |
9 |
Microsoft Windows PrintWorkflowUserSvc 安全漏洞 |
CNNVD-202412-1323 |
CVE-2024-49095 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49095 |
10 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202412-1189 |
CVE-2024-49096 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49096 |
11 |
Microsoft Windows PrintWorkflowUserSvc 安全漏洞 |
CNNVD-202412-1192 |
CVE-2024-49097 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49097 |
12 |
Microsoft Windows Routing and Remote Access Service 安全漏洞 |
CNNVD-202412-1207 |
CVE-2024-49102 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49102 |
13 |
Microsoft Remote Desktop Client 安全漏洞 |
CNNVD-202412-1362 |
CVE-2024-49105 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49105 |
14 |
Microsoft WmsRepair Service 安全漏洞 |
CNNVD-202412-1220 |
CVE-2024-49107 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49107 |
15 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1223 |
CVE-2024-49108 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108 |
16 |
Microsoft Lightweight Directory Access Protocol 安全漏洞 |
CNNVD-202412-1336 |
CVE-2024-49113 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113 |
17 |
Microsoft Windows Cloud Files Mini Filter Driver 安全漏洞 |
CNNVD-202412-1340 |
CVE-2024-49114 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114 |
18 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1342 |
CVE-2024-49116 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116 |
19 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202412-1345 |
CVE-2024-49118 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49118 |
20 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1236 |
CVE-2024-49119 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49119 |
21 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1238 |
CVE-2024-49120 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49120 |
22 |
Microsoft Lightweight Directory Access Protocol 安全漏洞 |
CNNVD-202412-1241 |
CVE-2024-49121 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49121 |
23 |
Microsoft Message Queuing 安全漏洞 |
CNNVD-202412-1246 |
CVE-2024-49122 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49122 |
24 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1244 |
CVE-2024-49123 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49123 |
25 |
Microsoft Lightweight Directory Access Protocol 安全漏洞 |
CNNVD-202412-1250 |
CVE-2024-49124 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49124 |
26 |
Microsoft Windows Routing and Remote Access Service 安全漏洞 |
CNNVD-202412-1252 |
CVE-2024-49125 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49125 |
27 |
Microsoft Lightweight Directory Access Protocol 安全漏洞 |
CNNVD-202412-1349 |
CVE-2024-49127 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49127 |
28 |
Microsoft Windows Remote Desktop Gateway 安全漏洞 |
CNNVD-202412-1260 |
CVE-2024-49129 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49129 |
29 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1261 |
CVE-2024-49132 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49132 |
30 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202412-1357 |
CVE-2024-49138 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138 |
31 |
Microsoft Office 安全漏洞 |
CNNVD-202412-1266 |
CVE-2024-49142 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49142 |
32 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1294 |
CVE-2024-49077 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49077 |
33 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1307 |
CVE-2024-49081 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49081 |
34 |
Microsoft Windows File Explorer 安全漏洞 |
CNNVD-202412-1310 |
CVE-2024-49082 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082 |
35 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1317 |
CVE-2024-49083 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49083 |
36 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1200 |
CVE-2024-49099 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49099 |
37 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1203 |
CVE-2024-49101 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49101 |
38 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1327 |
CVE-2024-49109 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49109 |
39 |
Microsoft System Center Operations Manager 安全漏洞 |
CNNVD-202412-1187 |
CVE-2024-43594 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43594 |
40 |
Microsoft Defender 安全漏洞 |
CNNVD-202412-1131 |
CVE-2024-49057 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49057 |
41 |
Microsoft Office 安全漏洞 |
CNNVD-202412-1133 |
CVE-2024-49059 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49059 |
42 |
Microsoft Office Sharepoint Server 安全漏洞 |
CNNVD-202412-1276 |
CVE-2024-49062 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062 |
43 |
Microsoft Muzic 安全漏洞 |
CNNVD-202412-1278 |
CVE-2024-49063 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49063 |
44 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202412-1138 |
CVE-2024-49064 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064 |
45 |
Microsoft Office 安全漏洞 |
CNNVD-202412-1280 |
CVE-2024-49065 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49065 |
46 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202412-1140 |
CVE-2024-49068 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068 |
47 |
Microsoft Excel 安全漏洞 |
CNNVD-202412-1145 |
CVE-2024-49069 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49069 |
48 |
Microsoft SharePoint 安全漏洞 |
CNNVD-202412-1147 |
CVE-2024-49070 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070 |
49 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1152 |
CVE-2024-49073 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49073 |
50 |
Microsoft Windows Kernel Mode Drivers 安全漏洞 |
CNNVD-202412-1154 |
CVE-2024-49074 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49074 |
51 |
Microsoft Windows Virtualization-Based Security (VBS) Enclave 安全漏洞 |
CNNVD-202412-1290 |
CVE-2024-49076 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49076 |
52 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1298 |
CVE-2024-49078 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49078 |
53 |
Microsoft Windows Routing and Remote Access Service 安全漏洞 |
CNNVD-202412-1162 |
CVE-2024-49085 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49085 |
54 |
Microsoft Windows Routing and Remote Access Service 安全漏洞 |
CNNVD-202412-1165 |
CVE-2024-49086 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49086 |
55 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1168 |
CVE-2024-49087 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49087 |
56 |
Microsoft Windows Routing and Remote Access Service 安全漏洞 |
CNNVD-202412-1172 |
CVE-2024-49089 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49089 |
57 |
Microsoft Windows Common Log File System Driver 安全漏洞 |
CNNVD-202412-1320 |
CVE-2024-49090 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49090 |
58 |
Microsoft DNS Server 安全漏洞 |
CNNVD-202412-1174 |
CVE-2024-49091 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49091 |
59 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1179 |
CVE-2024-49092 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49092 |
60 |
Microsoft Windows Resilient File System 安全漏洞 |
CNNVD-202412-1181 |
CVE-2024-49093 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49093 |
61 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1184 |
CVE-2024-49094 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49094 |
62 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1197 |
CVE-2024-49098 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49098 |
63 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1212 |
CVE-2024-49103 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49103 |
64 |
Microsoft Windows Routing and Remote Access Service 安全漏洞 |
CNNVD-202412-1214 |
CVE-2024-49104 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49104 |
65 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1217 |
CVE-2024-49106 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49106 |
66 |
Microsoft Windows Mobile Broadband Driver 安全漏洞 |
CNNVD-202412-1330 |
CVE-2024-49110 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49110 |
67 |
Microsoft Windows Wireless Wide Area Network Service 安全漏洞 |
CNNVD-202412-1227 |
CVE-2024-49111 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49111 |
68 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1229 |
CVE-2024-49115 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49115 |
69 |
Microsoft Hyper-V 安全漏洞 |
CNNVD-202412-1232 |
CVE-2024-49117 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49117 |
70 |
Microsoft Windows Local Security Authority Subsystem Service 安全漏洞 |
CNNVD-202412-1256 |
CVE-2024-49126 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49126 |
71 |
Microsoft Windows Remote Desktop Services 安全漏洞 |
CNNVD-202412-1354 |
CVE-2024-49128 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128 |
此次更新共包括4个更新漏洞的补丁程序,其中高危漏洞4个。
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
1 |
Microsoft QUIC 安全漏洞 |
CNNVD-202310-806 |
CVE-2023-36435 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435 |
2 |
Microsoft QUIC 安全漏洞 |
CNNVD-202310-726 |
CVE-2023-38171 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 |
3 |
Microsoft Windows PowerShell 安全漏洞 |
CNNVD-202407-770 |
CVE-2024-38033 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38033 |
4 |
Microsoft Winlogon 安全漏洞 |
CNNVD-202410-755 |
CVE-2024-43583 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583 |
此次更新共包括1个影响微软产品的其他厂商漏洞的补丁程序,其中高危漏洞1个。
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
厂商 |
官方链接 |
1 |
Apache HTTP/2 资源管理错误漏洞 |
CNNVD-202310-667 |
CVE-2023-44487 |
高危 |
Apache基金会 |
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q |
三、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
浏览量: 908