2023 年 3 月 14 日
.png)
作者: Esben Dochy
本月最紧迫的漏洞是 Microsoft Outlook 中的一个漏洞。 CVE-2023-23397 已经被利用,所以尽快更新很重要。 请记住,不幸的是,Lansweeper 无法报告解决此漏洞的知识库更新。 微软提到了以下关于利用过程的内容:
另一条有用的信息是 Outlook 预览窗格不是攻击媒介。 可以在预览窗格中查看电子邮件之前利用此漏洞。
最后,还有其他缓解选项,例如将用户添加到受保护用户安全组,这会阻止使用 NTLM 作为身份验证机制,或者通过使用外围防火墙、本地防火墙和阻止 TCP 445/SMB 从您的网络出站 通过您的 VPN 设置。
CVE-2023-23415 是本月修复的另一个严重漏洞。 它的 CVSS 基本分数为 9.8,接近可能达到的最严重评级。 根据 Microsoft 的说法,此 Internet 控制消息协议 (ICMP) 远程代码执行漏洞尚未被利用,但将来更有可能被利用。
微软列出,为了利用此漏洞,攻击者需要向目标机器发送一个低级协议错误,该错误在其标头中的另一个 ICMP 数据包中包含一个分段的 IP 数据包。
第三个严重漏洞是 HTTP 协议栈中的一个漏洞。 CVE-2023-23392 的 CVSS 评分也为 9.8,同样尚未被利用,但未来更有可能被利用。 “好”消息是只有 Windows Server 2022 易受攻击。
要利用此漏洞,未经身份验证的攻击者可以使用 HTTP 协议栈 (http.sys) 将特制数据包发送到目标服务器以处理数据包。
虽然更新是防止利用的简单方法,但您可以选择通过禁用 HTTP/3(如果已启用)来缓解漏洞。
为了帮助管理您的更新进度,我们创建了补丁星期二审计,检查您网络中的资产是否使用最新的补丁更新。 该报告已用颜色编码,以查看哪些机器是最新的,哪些仍需要更新。 一如既往,我们敦促系统管理员尽快更新他们的环境,以确保所有端点的安全。
Lansweeper 周二补丁报告会自动添加到 Lansweeper Cloud 站点。 Lansweeper Cloud 包含在我们所有的许可证中,无需任何额外费用,并允许您将所有安装联合到一个视图中,因此您需要做的就是查看一份报告,该报告会在每个周二的补丁中自动添加!
.webp){kind=icon}
运行三月补丁星期二审核
| CVE Number | CVE Title |
| CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability |
| CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
| CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability |
| CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability |
| CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability |
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability |
| CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability |
| CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability |
| CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability |
| CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability |
| CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
| CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability |
| CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
| CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability |
| CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability |
| CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability |
| CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| CVE-2023-23391 | Office for Android Spoofing Vulnerability |
| CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability |
| CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability |
| CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability |
| CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability |
| CVE-2022-43552 | Open Source Curl Remote Code Execution Vulnerability |
| CVE-2022-23825 | AMD: CVE-2022-23825 AMD CPU Branch Type Confusion |
| CVE-2022-23816 | AMD: CVE-2022-23816 AMD CPU Branch Type Confusion |
| CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability |
.webp)
