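On December 12, 2023, Microsoft released its December 2023 security updates, with patches for 38 vulnerabilities in total. This update mainly covers Microsoft Windows and Windows components, Microsoft Windows Local Security Authority Subsystem Service, Microsoft Outlook, Microsoft Defender, Microsoft Azure Machine Learning, Microsoft Windows Internet Connection Sharing, and others. Of these, 1 is rated Critical, 27 High and 10 Medium.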
II. Vulnerability Details
This update includes patches for 33 newly added vulnerabilities: 1 Critical, 23 High and 9 Medium.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Microsoft Power Platform Connector Security Vulnerability | CNNVD-202312-970 | CVE-2023-36019 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019 |
2 | Microsoft Windows Media Foundation Security Vulnerability | CNNVD-202312-949 | CVE-2023-21740 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740 |
3 | Microsoft Dynamics 365 Security Vulnerability | CNNVD-202312-957 | CVE-2023-35621 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621 |
4 | Microsoft Windows DNS Security Vulnerability | CNNVD-202312-954 | CVE-2023-35622 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622 |
5 | Microsoft Azure Connected Machine Agent Security Vulnerability | CNNVD-202312-959 | CVE-2023-35624 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624 |
6 | Microsoft Windows MSHTML Platform Security Vulnerability | CNNVD-202312-956 | CVE-2023-35628 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628 |
7 | Microsoft Windows Internet Connection Sharing (ICS) Security Vulnerability | CNNVD-202312-962 | CVE-2023-35630 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630 |
8 | Microsoft Win32K Security Vulnerability | CNNVD-202312-966 | CVE-2023-35631 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631 |
9 | Microsoft Windows Internet Connection Sharing Security Vulnerability | CNNVD-202312-965 | CVE-2023-35632 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632 |
10 | Microsoft Windows Kernel Security Vulnerability | CNNVD-202312-963 | CVE-2023-35633 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633 |
11 | Microsoft Bluetooth Driver Security Vulnerability | CNNVD-202312-973 | CVE-2023-35634 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634 |
12 | Microsoft Windows DHCP Server Security Vulnerability | CNNVD-202312-952 | CVE-2023-35638 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638 |
13 | Microsoft ODBC Driver Security Vulnerability | CNNVD-202312-953 | CVE-2023-35639 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639 |
14 | Microsoft Windows Internet Connection Sharing (ICS) Security Vulnerability | CNNVD-202312-958 | CVE-2023-35641 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641 |
15 | Microsoft Windows DHCP Server Security Vulnerability | CNNVD-202312-961 | CVE-2023-35643 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643 |
16 | Microsoft Windows Kernel Mode Drivers Security Vulnerability | CNNVD-202312-968 | CVE-2023-35644 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35644 |
17 | Microsoft Windows DPAPI Security Vulnerability | CNNVD-202312-933 | CVE-2023-36004 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36004 |
18 | Microsoft Windows Telephony Server Security Vulnerability | CNNVD-202312-940 | CVE-2023-36005 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36005 |
19 | Microsoft OLE DB Provider for SQL Server Security Vulnerability | CNNVD-202312-945 | CVE-2023-36006 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36006 |
20 | Microsoft Defender Security Vulnerability | CNNVD-202312-916 | CVE-2023-36010 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36010 |
21 | Microsoft Win32K Security Vulnerability | CNNVD-202312-906 | CVE-2023-36011 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011 |
22 | Microsoft Dynamics 365 Security Vulnerability | CNNVD-202312-901 | CVE-2023-36020 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36020 |
23 | Microsoft Windows Local Security Authority Subsystem Service Security Vulnerability | CNNVD-202312-898 | CVE-2023-36391 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391 |
24 | Microsoft Windows Cloud Files Mini Filter Driver Security Vulnerability | CNNVD-202312-895 | CVE-2023-36696 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696 |
25 | Microsoft Outlook Security Vulnerability | CNNVD-202312-964 | CVE-2023-35619 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35619 |
26 | Microsoft Azure Machine Learning Security Vulnerability | CNNVD-202312-912 | CVE-2023-35625 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625 |
27 | Microsoft Windows USB Mass Storage Class Driver Security Vulnerability | CNNVD-202312-960 | CVE-2023-35629 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35629 |
28 | Microsoft Windows Kernel Security Vulnerability | CNNVD-202312-969 | CVE-2023-35635 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35635 |
29 | Microsoft Outlook Security Vulnerability | CNNVD-202312-967 | CVE-2023-35636 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636 |
30 | Microsoft Windows Internet Connection Sharing (ICS) Security Vulnerability | CNNVD-202312-955 | CVE-2023-35642 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35642 |
31 | Microsoft XAML Diagnostics Security Vulnerability | CNNVD-202312-926 | CVE-2023-36003 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36003 |
32 | Microsoft Word Security Vulnerability | CNNVD-202312-905 | CVE-2023-36009 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36009 |
33 | Microsoft Windows DHCP Server Security Vulnerability | CNNVD-202312-919 | CVE-2023-36012 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36012 |
This update includes patches for 4 updated vulnerabilities, all 4 of them rated High.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Official Link |
1 | Microsoft .NET and Microsoft Visual Studio Security Vulnerability | CNNVD-202309-896 | CVE-2023-36792 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 |
2 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202309-832 | CVE-2023-36793 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793 |
3 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202309-837 | CVE-2023-36794 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794 |
4 | Microsoft Visual Studio and Microsoft .NET Security Vulnerability | CNNVD-202309-824 | CVE-2023-36796 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796 |
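This update includes a patch for 1 vulnerability from another vendor that affects Microsoft products; it is rated Medium.
No. | Vulnerability Name | CNNVD ID | CVE ID | Severity | Vendor | Official Link |
1 | AMD Processors Numeric Error Vulnerability | CNNVD-202308-736 | CVE-2023-20588 | Medium | AMD | https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html |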
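III. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the patches as soon as possible. Microsoft's official patch download address: https://msrc.microsoft.com/update-guide/en-us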