0#事件
近日,微软官方发布了多个安全漏洞的公告,包括InternetExplorer安全漏洞(CNNVD-202103-644、CVE-2021-27085)、MicrosoftSharePoint Server 安全漏洞(CNNVD-202103-642、CVE-2021-27076)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
1#详细信息
2021年3月10日,微软发布了2021年3月份安全更新,共82个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Windows操作系统、Azure、IE和Edge、Exchange Server、Office、SharePoint Server,Visual Studio等多个Windows平台下应用软件和组件。CNNVD对其危害等级进行了评价,其中包括7个超危漏洞,64个高危漏洞。微软多个产品和系统版本受漏洞影响。
具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
此次更新共包括82个漏洞的补丁程序,其中7个超危漏洞,64个高危漏洞。
以下为整理出来的表格:
|
序号 |
漏洞名称 |
CNNVD编号 |
CVE编号 |
危害等级 |
官方链接 |
|
1 |
Windows DNS服务器安全漏洞 |
CNNVD-202103-615 |
CVE-2021-26897 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897 |
|
2 |
Microsoft Windows DNS服务器安全漏洞 |
CNNVD-202103-613 |
CVE-2021-26895 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26895 |
|
3 |
Microsoft Windows DNS服务器安全漏洞 |
CNNVD-202103-618 |
CVE-2021-26894 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26894 |
|
4 |
Microsoft Windows DNS服务器安全漏洞 |
CNNVD-202103-612 |
CVE-2021-26893 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26893 |
|
5 |
Microsoft Windows安全漏洞 |
CNNVD-202103-607 |
CVE-2021-26877 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26877 |
|
6 |
Windows Hyper-V安全漏洞 |
CNNVD-202103-597 |
CVE-2021-26867 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26867 |
|
7 |
Microsoft Azure Sphere安全漏洞 |
CNNVD-202103-580 |
CVE-2021-27080 |
超危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27080 |
|
8 |
Microsoft Internet Explorer安全漏洞 |
CNNVD-202103-644 |
CVE-2021-27085 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085 |
|
9 |
Microsoft Visual Studio Code 安全漏洞 |
CNNVD-202103-643 |
CVE-2021-27084 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27084 |
|
10 |
Microsoft SharePoint Server安全漏洞 |
CNNVD-202103-642 |
CVE-2021-27076 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27076 |
|
11 |
Microsoft Git for Visual Studio安全漏洞 |
CNNVD-202103-640 |
CVE-2021-21300 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21300 |
|
12 |
Microsoft Windows DNS服务器安全漏洞 |
CNNVD-202103-637 |
CVE-2021-27063 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27063 |
|
13 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-638 |
CVE-2021-27062 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27062 |
|
14 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-636 |
CVE-2021-27061 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27061 |
|
15 |
Microsoft Office安全漏洞 |
CNNVD-202103-635 |
CVE-2021-27059 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27059 |
|
16 |
Microsoft Office ClickToRun安全漏洞 |
CNNVD-202103-634 |
CVE-2021-27058 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27058 |
|
17 |
Microsoft Office安全漏洞 |
CNNVD-202103-633 |
CVE-2021-27057 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27057 |
|
18 |
Microsoft PowerPoint安全漏洞 |
CNNVD-202103-631 |
CVE-2021-27056 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27056 |
|
19 |
Microsoft Visio安全漏洞 |
CNNVD-202103-632 |
CVE-2021-27055 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27055 |
|
20 |
Microsoft Excel安全漏洞 |
CNNVD-202103-630 |
CVE-2021-27054 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27054 |
|
21 |
Microsoft Excel安全漏洞 |
CNNVD-202103-629 |
CVE-2021-27053 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27053 |
|
22 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-627 |
CVE-2021-27051 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27051 |
|
23 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-626 |
CVE-2021-27050 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27050 |
|
24 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-624 |
CVE-2021-27049 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27049 |
|
25 |
Microsoft HEVC Video安全漏洞 |
CNNVD-202103-641 |
CVE-2021-27048 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27048 |
|
26 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-623 |
CVE-2021-27047 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27047 |
|
27 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-625 |
CVE-2021-26902 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26902 |
|
28 |
Windows事件跟踪安全漏洞 |
CNNVD-202103-622 |
CVE-2021-26901 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26901 |
|
29 |
Microsoft Windows Wink安全漏洞 |
CNNVD-202103-621 |
CVE-2021-26900 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26900 |
|
30 |
Microsoft Windows UPnP设备主机安全漏洞 |
CNNVD-202103-619 |
CVE-2021-26899 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26899 |
|
31 |
Microsoft Windows安全漏洞 |
CNNVD-202103-617 |
CVE-2021-26898 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26898 |
|
32 |
Microsoft Windows DNS服务器安全漏洞 |
CNNVD-202103-616 |
CVE-2021-26896 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26896 |
|
33 |
Microsoft Windows容器执行代理安全漏洞 |
CNNVD-202103-650 |
CVE-2021-26891 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26891 |
|
34 |
Microsoft Application Virtualization安全漏洞 |
CNNVD-202103-651 |
CVE-2021-26890 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26890 |
|
35 |
Microsoft Windows Update Stack安全漏洞 |
CNNVD-202103-649 |
CVE-2021-26889 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26889 |
|
36 |
Microsoft Windows安全漏洞 |
CNNVD-202103-648 |
CVE-2021-26887 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26887 |
|
37 |
Microsoft Windows WalletService安全漏洞 |
CNNVD-202103-646 |
CVE-2021-26885 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26885 |
|
38 |
Microsoft Windows安全漏洞 |
CNNVD-202103-614 |
CVE-2021-26882 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26882 |
|
39 |
Microsoft Windows Media Foundation安全漏洞 |
CNNVD-202103-610 |
CVE-2021-26881 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26881 |
|
40 |
Microsoft Windows安全漏洞 |
CNNVD-202103-620 |
CVE-2021-26880 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26880 |
|
41 |
Microsoft Windows NAT安全漏洞 |
CNNVD-202103-609 |
CVE-2021-26879 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26879 |
|
42 |
Microsoft Windows打印后台处理程序安全漏洞 |
CNNVD-202103-608 |
CVE-2021-26878 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26878 |
|
43 |
Microsoft OpenType字体分析安全漏洞 |
CNNVD-202103-606 |
CVE-2021-26876 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26876 |
|
44 |
Microsoft Windows Win32k安全漏洞 |
CNNVD-202103-605 |
CVE-2021-26875 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26875 |
|
45 |
Microsoft Windows覆盖筛选器安全漏洞 |
CNNVD-202103-604 |
CVE-2021-26874 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26874 |
|
46 |
Microsoft Windows User Profile Service安全漏洞 |
CNNVD-202103-602 |
CVE-2021-26873 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26873 |
|
47 |
Windows安全漏洞 |
CNNVD-202103-603 |
CVE-2021-26872 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26872 |
|
48 |
Windows安全漏洞 |
CNNVD-202103-600 |
CVE-2021-26871 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26871 |
|
49 |
Microsoft Windows投影文件系统安全漏洞 |
CNNVD-202103-601 |
CVE-2021-26870 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26870 |
|
50 |
Microsoft Windows图形组件安全漏洞 |
CNNVD-202103-598 |
CVE-2021-26868 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26868 |
|
51 |
Microsoft Windows Update服务安全漏洞 |
CNNVD-202103-596 |
CVE-2021-26866 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26866 |
|
52 |
Microsoft Windows容器执行代理安全漏洞 |
CNNVD-202103-595 |
CVE-2021-26865 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26865 |
|
53 |
Microsoft Windows虚拟注册表提供程序安全漏洞 |
CNNVD-202103-594 |
CVE-2021-26864 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26864 |
|
54 |
Microsoft Windows Win32k安全漏洞 |
CNNVD-202103-593 |
CVE-2021-26863 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26863 |
|
55 |
Microsoft Windows图形组件安全漏洞 |
CNNVD-202103-591 |
CVE-2021-26861 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26861 |
|
56 |
Microsoft Windows App-V覆盖筛选器安全漏洞 |
CNNVD-202103-589 |
CVE-2021-26860 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26860 |
|
57 |
Microsoft Power BI信息泄漏漏洞 |
CNNVD-202103-590 |
CVE-2021-26859 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26859 |
|
58 |
Microsoft HEVC Video扩展程序安全漏洞 |
CNNVD-202103-587 |
CVE-2021-24110 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24110 |
|
59 |
Microsoft Windows错误报告安全漏洞 |
CNNVD-202103-584 |
CVE-2021-24090 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24090 |
|
60 |
Microsoft HEVC Video安全漏洞 |
CNNVD-202103-585 |
CVE-2021-24089 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24089 |
|
61 |
Visual Studio Code安全漏洞 |
CNNVD-202103-582 |
CVE-2021-27083 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27083 |
|
62 |
Microsoft Visual Studio Code 安全漏洞 |
CNNVD-202103-583 |
CVE-2021-27082 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27082 |
|
63 |
Microsoft Visual Studio Code ESLint安全漏洞 |
CNNVD-202103-581 |
CVE-2021-27081 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27081 |
|
64 |
Microsoft Windows Win32k安全漏洞 |
CNNVD-202103-579 |
CVE-2021-27077 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077 |
|
65 |
Windows 10安全漏洞 |
CNNVD-202103-575 |
CVE-2021-27070 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27070 |
|
66 |
Visual Studio Code安全漏洞 |
CNNVD-202103-576 |
CVE-2021-27060 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27060 |
|
67 |
Microsoft Internet Explorer安全漏洞 |
CNNVD-202103-574 |
CVE-2021-26411 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411 |
|
68 |
Microsoft Office安全漏洞 |
CNNVD-202103-573 |
CVE-2021-24108 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24108 |
|
69 |
Microsoft DirectX安全漏洞 |
CNNVD-202103-572 |
CVE-2021-24095 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24095 |
|
70 |
Microsoft Windows Update Stack安装程序安全漏洞 |
CNNVD-202103-571 |
CVE-2021-1729 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1729 |
|
71 |
Microsoft Windows打印后台处理程序安全漏洞 |
CNNVD-202103-570 |
CVE-2021-1640 |
高危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1640 |
|
72 |
Microsoft Windows管理中心安全功能安全漏洞 |
CNNVD-202103-639 |
CVE-2021-27066 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066 |
|
73 |
Microsoft SharePoint Server信息泄露漏洞 |
CNNVD-202103-628 |
CVE-2021-27052 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27052 |
|
74 |
Microsoft Windows可扩展固件接口安全漏洞 |
CNNVD-202103-611 |
CVE-2021-26892 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26892 |
|
75 |
Microsoft User Profile Service安全漏洞 |
CNNVD-202103-647 |
CVE-2021-26886 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26886 |
|
76 |
Microsoft Windows Media照片编解码器信息泄漏漏洞 |
CNNVD-202103-645 |
CVE-2021-26884 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26884 |
|
77 |
Microsoft Windows ActiveX安装程序服务信息泄露漏洞 |
CNNVD-202103-599 |
CVE-2021-26869 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26869 |
|
78 |
Microsoft Windows Installer安全漏洞 |
CNNVD-202103-592 |
CVE-2021-26862 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26862 |
|
79 |
Windows信息泄露漏洞 |
CNNVD-202103-588 |
CVE-2021-24107 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24107 |
|
80 |
Microsoft SharePoint安全漏洞 |
CNNVD-202103-586 |
CVE-2021-24104 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24104 |
|
81 |
Microsoft Windows虚拟机信息泄露漏洞 |
CNNVD-202103-578 |
CVE-2021-27075 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27075 |
|
82 |
Microsoft Azure Sphere安全漏洞 |
CNNVD-202103-577 |
CVE-2021-27074 |
中危 |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27074 |
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。微软官方补丁下载地址:
https://msrc.microsoft.com/update-guide/en-us
CNNVD将继续跟踪上述漏洞的相关情况,及时发布相关信息。如有需要,可与CNNVD联系。
联系方式: cnnvd@itsec.gov.cn
本文来自CNNVD安全动态
发表评论