¡¾Îó²îͨ¸æ¡¿Î¢Èí8Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2024-08-14


Ò»¡¢Îó²î¸ÅÊö

2024Äê8ÔÂ14ÈÕ£¬ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø¼¯ÍÅVSRC¼à²âµ½Î¢ÈíÐû²¼ÁË8ÔÂÇå¾²¸üУ¬±¾´Î¸üй²ÐÞ¸´ÁË89¸öÎó²î£¨²»°üÀ¨±¾ÔÂÔçЩʱ¼äÅû¶µÄ Microsoft Edge Îó²î£©£¬Îó²îÀàÐÍ°üÀ¨ÌØȨÌáÉýÎó²î¡¢Çå¾²¹¦Ð§ÈƹýÎó²î¡¢Ô¶³Ì´úÂëÖ´ÐÐÎó²î¡¢ÐÅϢй¶Îó²î¡¢¾Ü¾ø·þÎñÎó²îºÍÓÕÆ­Îó²îµÈ¡£

±¾´ÎÇå¾²¸üÐÂÖаüÀ¨10¸ö0 dayÎó²î£¬ÆäÖÐ6¸ö±»Æð¾¢Ê¹Óã¬4¸öÒѾ­¹ûÕæÅû¶£º

CVE-2024-38178£ºScripting EngineÄÚ´æËð»µÎó²î

Windows¾ç±¾ÒýÇæÖб£´æÀàÐÍ»ìÏýÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.5£¬¿Éͨ¹ýÓÕµ¼Ä¿µÄÓû§µã»÷ÌØÖÆURLÀ´Ê¹ÓøÃÎó²î£¨¸Ã¶ñÒâÁ´½ÓÐèÔÚInternet Explorer ģʽÏ嵀 Microsoft EdgeÖд¥·¢£©£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐУ¬ÏÖÔÚ¸ÃÎó²îÒѼì²âµ½Îó²îʹÓá£

CVE-2024-38193£ºWindows Ancillary Function Driver for WinSockÌØȨÌáÉýÎó²î

Windows Ancillary Function Driver for WinSockÖб£´æUse-After-FreeÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.8£¬ÀÖ³ÉʹÓøÃÎó²î¿É½«È¨ÏÞÌáÉýΪSYSTEM ȨÏÞ£¬ÏÖÔÚ¸ÃÎó²îÒѼì²âµ½Îó²îʹÓá£

CVE-2024-38213£ºWindows Mark of the Web Çå¾²¹¦Ð§ÈƹýÎó²î

Windows Mark of the Web Öб£´æÇå¾²¹¦Ð§ÈƹýÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ6.5£¬ÍþвÕß¿Éͨ¹ýÏòÄ¿µÄÓû§·¢ËͶñÒâÎļþ²¢ÓÕʹÓû§·­¿ªÀ´Ê¹ÓøÃÎó²î£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÈƹýSmartScreenÍþв·À»¤£¬ÏÖÔÚ¸ÃÎó²îÒѼì²âµ½Îó²îʹÓá£

CVE-2024-38106£ºWindows KernelÌØȨÌáÉýÎó²î

WindowsÄں˱£´æȨÏÞÌáÉýÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.0£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÒÔ»ñµÃSYSTEM ȨÏÞ£¬µ«ÐèÒªÓ®µÃ¾ºÕùÌõ¼þ£¬ÏÖÔÚ¸ÃÎó²îÒѼì²âµ½Îó²îʹÓá£

CVE-2024-38107£ºWindows Power Dependency Coordinator ÌØȨÌáÉýÎó²î

Windows µçÔ´ÒÀÀµÐÔЭµ÷Æ÷Öб£´æUse-After-FreeÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.8£¬ÀÖ³ÉʹÓøÃÎó²î¿É½«È¨ÏÞÌáÉýΪSYSTEM ȨÏÞ£¬ÏÖÔÚ¸ÃÎó²îÒѼì²âµ½Îó²îʹÓá£

CVE-2024-38189£ºMicrosoft Project Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Microsoft ProjectÖб£´æÊäÈëÑéÖ¤²»µ±£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ8.8£¬¿Éͨ¹ýÓÕµ¼Êܺ¦ÕßÔÚϵͳÉÏ·­¿ª¶ñÒâµÄ Microsoft Office Project Îļþ£¨Èçͨ¹ý¶ñÒâµç×ÓÓʼþ¡¢WebÍøÕ¾»ò¼´Ê±ÐÂÎŵȣ©£¬µ«ÐèÒª¸ÃϵͳÖеġ°×èÖ¹´Ó»¥ÁªÍø»ñÈ¡µÄOfficeÎļþÖÐÔËÐкꡱսÂÔÒѱ»½ûÓ㬲¢ÇÒδÆôÓá°VBAºê֪ͨÉèÖá±£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐУ¬ÏÖÔÚ¸ÃÎó²îÒѼì²âµ½Îó²îʹÓá£

CVE-2024-38199£ºWindows Line Printer Daemon (LPD) ServiceÔ¶³Ì´úÂëÖ´ÐÐÎó²î

WindowsÐÐʽ´òÓ¡»úÊØ»¤³ÌÐò (LPD) ·þÎñÖб£´æUse-After-FreeÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.8£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ýÍøÂçÏò¹²ÏíµÄÒ×Êܹ¥»÷µÄWindows Line Printer Daemon (LPD) ·þÎñ·¢ËÍÌØÖƵĴòӡʹÃü£¬ÀÖ³ÉʹÓÿÉÄÜÔÚ·þÎñÆ÷Éϵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£ ΢Èí½¨ÒéÓû§²»Òª×°ÖûòÆôÓÃWindows Line Printer Daemon (LPD) ·þÎñ£¬Ä¬ÈÏÇéÐÎÏÂϵͳÉÏδװÖûòÆôÓà LPD£¬×ÔWindows Server 2012 Æð£¬LPD ÒÑÐû²¼ÆúÓá£

CVE-2024-21302£ºWindows Secure Kernel ModeÌØȨÌáÉýÎó²î

MicrosoftÖ§³Ö Virtualization Based Security (VBS)µÄ ¶à¸öWindows ϵͳ£¨°üÀ¨ Azure ÐéÄâ»ú SKUS µÄ×Ó¼¯£©Öб£´æÌØȨÌáÉýÎó²î£¬ÀÖ³ÉʹÓÿɻñµÃ SYSTEM ȨÏÞ£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ6.7£¬¿ÉÄܵ¼Ö¾ßÓÐÖÎÀíԱȨÏÞµÄÍþвÕßÄܹ»½«Ä¿½ñ°æ±¾µÄ Windows ϵͳÎļþÌ滻Ϊ¹ýʱ°æ±¾¡£Í¨¹ýʹÓøÃÎó²î£¬ÍþвÕß¿ÉÒÔÖØÐÂÒýÈë֮ǰÒÑÐÞ¸´/»º½âµÄÎó²î¡¢ÈƹýVBSÇå¾²¹¦Ð§²¢ÇÔÈ¡ÊÜVBS ±£»¤µÄÊý¾Ý£¨Windows Downdate ½µ¼¶¹¥»÷£©¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£

CVE-2024-38202£ºWindows Update StackÌØȨÌáÉýÎó²î

Windows Update Öб£´æÌØȨÌáÉýÎó²î£¬ÀÖ³ÉʹÓÿɻñµÃ SYSTEM ȨÏÞ£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.3, ¿ÉÄܵ¼Ö¾ßÓлù±¾Óû§È¨ÏÞµÄÍþвÕßÄܹ»ÖØÐÂÒýÈë֮ǰÒÑÐÞ¸´/»º½âµÄÎó²î»òÈƹýVBS µÄijЩ¹¦Ð§£¨Windows Downdate ½µ¼¶¹¥»÷£©£¬ÀÖ³ÉʹÓøÃÎó²îÐèÒªÓÕµ¼ÖÎÀíÔ±»ò¾ßÓÐίÅÉȨÏÞµÄÓû§Ö´ÐÐϵͳ»¹Ô­£¬´Ó¶ø´¥·¢¸ÃÎó²î¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£Î¢ÈíÕýÔÚ¿ª·¢Çå¾²¸üÐÂÀ´»º½â¸ÃÎó²î£¬µ«ÏÖÔÚÉÐδÐû²¼¡£

CVE-2024-38200£ºMicrosoft Office ÓÕÆ­Îó²î

Microsoft OfficeÖб£´æÐÅϢй¶Îó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ6.5£¬ÍþвÕß¿Éͨ¹ýÓÕµ¼Óû§µã»÷¶ñÒâÁ´½Ó£¨Èçͨ¹ýµç×ÓÓʼþ»ò¼´Ê±Í¨Ñ¶ÐÂÎÅ£©²¢·­¿ªÌØÖÆÎļþ£¨ÍйÜÔÚ¶ñÒâÍøÕ¾ÉÏ£©À´Ê¹ÓøÃÎó²î£¬È»ºóÆÈʹ Office ½¨ÉèÓëÔ¶³Ì¹²ÏíµÄ³öÕ¾ÅþÁ¬£¬´ÓÖÐÇÔÈ¡·¢Ë굀 NTLM ¹þÏ££¬µ¼ÖÂÃô¸ÐÐÅϢй¶¡£¿Éͨ¹ý½«Óû§Ìí¼Óµ½Êܱ£»¤Óû§Çå¾²×飬ÒÔ±ÜÃâʹÓà NTLM ×÷ΪÉí·ÝÑéÖ¤»úÖÆ£¬»òʹÓÃÍâΧ·À»ðǽ¡¢ÍâµØ·À»ðǽºÍ VPN ÉèÖÃ×èÖ¹ TCP 445/SMB ´ÓÍøÂç³öÕ¾£¨Õ⽫×èÖ¹ÏòÔ¶³ÌÎļþ¹²Ïí·¢ËÍ NTLM Éí·ÝÑéÖ¤ÐÂÎÅ£©À´»º½â¸ÃÎó²î¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£

±¾´ÎÇå¾²¸üÐÂÖÐÐÞ¸´µÄ9¸öÑÏÖØÎó²îΪ£º

l  CVE-2024-38063£ºWindows TCP/IP Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Windows TCP/IPÖб£´æÕûÊýÏÂÒçÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.8£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÏò Windows ÅÌËã»úÖظ´·¢ËÍ°üÀ¨ÌØÖÆÊý¾Ý°üµÄ IPv6 Êý¾Ý°ü£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£ÈôÊÇÄ¿µÄÅÌËã»úÉϽûÓà IPv6£¬ÏµÍ³²»»áÊܵ½Ó°Ï졣΢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐԽϸߡ±¡£

l  CVE-2024-38160£ºWindows Network VirtualizationÔ¶³Ì´úÂëÖ´ÐÐÎó²î

Windows ÍøÂçÐéÄ⻯±£´æ¶Ñ»º³åÇøÒç³öÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.1£¬ÍþвÕß¿ÉÒÔʹÓà Windows Server 2016 µÄ wnv.sys ×é¼þÖÐδ¾­¼ì²éµÄ·µ»ØÖµÀ´Ê¹ÓøÃÎó²î£¬Í¨¹ýʹÓÃÄÚ´æÐÎò·ûÁбí (MDL) µÄÄÚÈÝ£¬¿ÉÄܵ¼ÖÂδ¾­ÊÚȨµÄÄÚ´æдÈ룬ÉõÖÁÊÍ·ÅÄ¿½ñÕýÔÚʹÓõÄÓÐÓÿ飬´Ó¶øµ¼Ö¿ͻ§»úµ½Ö÷»úÌÓÒÝ£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£

l  CVE-2024-38159£ºWindows Network VirtualizationÔ¶³Ì´úÂëÖ´ÐÐÎó²î

Windows ÍøÂçÐéÄ⻯±£´æUse-After-FreeÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.1£¬ÍþвÕß¿ÉÒÔʹÓà Windows Server 2016 µÄ wnv.sys ×é¼þÖÐδ¾­¼ì²éµÄ·µ»ØÖµÀ´Ê¹ÓøÃÎó²î£¬Í¨¹ýʹÓÃÄÚ´æÐÎò·ûÁбí (MDL) µÄÄÚÈÝ£¬¿ÉÄܵ¼ÖÂδ¾­ÊÚȨµÄÄÚ´æдÈ룬ÉõÖÁÊÍ·ÅÄ¿½ñÕýÔÚʹÓõÄÓÐÓÿ飬´Ó¶øµ¼Ö¿ͻ§»úµ½Ö÷»úÌÓÒÝ£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£

l  CVE-2024-38140£ºWindows Reliable Multicast Transport Driver (RMCAST) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Windows ¿É¿¿¶à²¥´«ÊäÇý¶¯³ÌÐò (RMCAST) ±£´æUse-After-FreeÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.8£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿ÉÒÔͨ¹ýÏò·þÎñÆ÷É쵀 Windows Pragmatic General Multicast (PGM) ¿ª·ÅÌ×½Ó×Ö·¢ËÍÌØÖƵÄÊý¾Ý°üÀ´Ê¹ÓøÃÎó²î£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£¸ÃÎó²î½öÔÚÓгÌÐò¼àÌýPGM¶Ë¿ÚµÄÇéÐÎϲſɱ»Ê¹Óã¬ÈôÊÇPGMÒÑ×°ÖûòÆôÓ㬵«Ã»ÓгÌÐò×÷ΪÎüÊÕÆ÷×Ô¶¯¼àÌý£¬Ôò¸ÃÎó²î²»¿É±»Ê¹Óᣲ»½¨Ò齫 PGM ÎüÊÕÆ÷̻¶ÔÚ¹«¹²»¥ÁªÍøÉÏ£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡±¡£

l  CVE-2024-38109£ºAzure Health Bot ÌØȨÌáÉýÎó²î

l  CVE-2024-38206£ºMicrosoft Copilot Studio ÐÅϢй¶Îó²î

l  CVE-2024-38166£ºMicrosoft Dynamics 365 ¿çÕ¾¾ç±¾Îó²î

l  CVE-2022-3775£ºRedhat-CVE-2022-3775 grub2 - äÖȾijЩ Unicode ÐòÁÐʱ»ùÓڶѵÄÔ½½çдÈë

l  CVE-2023-40547£ºRedhat£ºCVE-2023-40547 Shim - HTTP Æô¶¯Ö§³ÖÖÐµÄ RCE ¿ÉÄܵ¼ÖÂÇå¾²Æô¶¯Èƹý

³ýCVE-2024-38063Í⣬΢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀÖÐÆäËû¡°±»Ê¹ÓõĿÉÄÜÐԽϸߡ±µÄÎó²î»¹°üÀ¨£º

l  CVE-2024-38133£ºWindows ÄÚºËÌØȨÌáÉýÎó²î

l  CVE-2024-38148£ºWindows Secure Channel¾Ü¾ø·þÎñÎó²î

l  CVE-2024-38163£ºWindows Update StackÌØȨÌáÉýÎó²î

l  CVE-2024-38198£ºWindows Print SpoolerÌØȨÌáÉýÎó²î

l  CVE-2024-38196£ºWindows Common Log File System DriverÌØȨÌáÉýÎó²î

l  CVE-2024-38141£ºWindows Ancillary Function Driver for WinSockÌØȨÌáÉýÎó²î

l  CVE-2024-38125/ CVE-2024-38144£ºKernel Streaming WOW Thunk Service DriverÌØȨÌáÉýÎó²î

l  CVE-2024-38147/ CVE-2024-38150£ºMicrosoft DWM Core LibraryÌØȨÌáÉýÎó²î

΢Èí8Ô¸üÐÂÉæ¼°µÄ²¿·ÖÎó²îÁбíÈçÏ£¬ÆäÖв»°üÀ¨Chrome·Ö·¢µÄ9¸öMicrosoft Edge (Chromium-based)Îó²î£º

CVE ID

CVE ÎÊÌâ

ÑÏÖØÐÔ

CVE-2024-38109

Azure   Health Bot ÌØȨÌáÉýÎó²î

ÑÏÖØ

CVE-2024-38206

Microsoft   Copilot Studio ÐÅϢй¶Îó²î

ÑÏÖØ

CVE-2024-38166

Microsoft   Dynamics 365 ¿çÕ¾¾ç±¾Îó²î

ÑÏÖØ

CVE-2024-38140

Windows   Reliable Multicast Transport Driver (RMCAST) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2024-38160

Windows   Network VirtualizationÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2024-38159

Windows   Network VirtualizationÔ¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2022-3775

Redhat£ºCVE-2022-3775 grub2 - äÖȾijЩ Unicode ÐòÁÐʱ»ùÓڶѵÄÔ½½çдÈë

ÑÏÖØ

CVE-2023-40547

Redhat£ºCVE-2023-40547 Shim - HTTP Æô¶¯Ö§³ÖÖÐµÄ RCE ¿ÉÄܵ¼ÖÂÇå¾²Æô¶¯Èƹý

ÑÏÖØ

CVE-2024-38063

Windows   TCP/IP Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2024-38168

.NET ºÍ Visual Studio ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38167

.NET ºÍ Visual Studio ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38162

Azure   Connected Machine Agent ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38098

Azure   Connected Machine Agent ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38195

Azure   CycleCloud Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38158

Azure IoT   SDK Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38157

Azure IoT   SDK Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38108

Azure   Stack Hub ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-38201

Azure   Stack Hub ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38199

Windows   Line Printer Daemon (LPD) ServiceÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38123

Windows À¶ÑÀÇý¶¯³ÌÐòÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38211

Microsoft   Dynamics 365£¨on-premises£©¿çÕ¾µã¾ç±¾Îó²î

¸ßΣ

CVE-2024-38218

Microsoft   Edge£¨»ùÓÚ HTML£©ÄÚ´æËð»µÎó²î

¸ßΣ

CVE-2024-38118

Microsoft   Local Security Authority (LSA) Server ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38122

Microsoft   Local Security Authority (LSA) Server ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38200

Microsoft   Office ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-38084

Microsoft   OfficePlus ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38172

Microsoft   Excel Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38170

Microsoft   Excel Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38173

Microsoft   Outlook Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38171

Microsoft   PowerPoint Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38189

Microsoft   Project Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38169

Microsoft   Office Visio Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38134

Kernel   Streaming WOW Thunk Service Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38144

Kernel   Streaming WOW Thunk Service Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38125

Kernel   Streaming WOW Thunk Service Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38197

Microsoft   Teams for iOS ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-38152

Windows   OLE Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-37968

Windows   DNS ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-38141

Windows   Ancillary Function Driver for WinSock ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38193

Windows   Ancillary Function Driver for WinSock ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38177

Windows   App Installer ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-38131

Clipboard   Virtual Channel Extension Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38215

Windows   Cloud Files Mini Filter Çý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38196

Windows ͨÓÃÈÕÖ¾ÎļþϵͳÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38165

Windows ѹËõÎļþ¼Ð¸Ä¶¯Îó²î

¸ßΣ

CVE-2024-38138

Windows °²ÅÅ·þÎñÔ¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38150

Windows   DWM ½¹µã¿âÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38147

Microsoft   DWM ½¹µã¿âÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38223

Windows   Initial Machine Configuration ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38114

Windows IP   ·ÓÉÖÎÀíµ¥Î»Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38116

Windows IP   ·ÓÉÖÎÀíµ¥Î»Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38115

Windows IP   ·ÓÉÖÎÀíµ¥Î»Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-29995

Windows   Kerberos ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38151

Windows ÄÚºËÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38133

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38127

Windows   Hyper-V ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38153

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38106

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38187

Windows ÄÚºËģʽÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38191

ÄÚºËÁ÷·þÎñÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38184

Windows ÄÚºËģʽÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38186

Windows ÄÚºËģʽÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38185

Windows ÄÚºËģʽÇý¶¯³ÌÐòÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38146

Windows   Layer-2 Bridge Network Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38145

Windows   Layer-3 Bridge Network Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38161

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38132

Windows ÍøÂçµØµãת»» (NAT) ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38126

Windows ÍøÂçµØµãת»» (NAT) ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38135

Windows µ¯ÐÔÎļþϵͳ (ReFS) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38117

NTFS ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38107

Windows   Power Dependency Coordinator ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38198

Windows   Print Spooler ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38137

Windows   Resource Manager PSM Service Extension ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38136

Windows   Resource Manager PSM Service Extension ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38130

Windows ·ÓɺÍÔ¶³Ì»á¼û·þÎñ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38128

Windows ·ÓɺÍÔ¶³Ì»á¼û·þÎñ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38154

Windows ·ÓɺÍÔ¶³Ì»á¼û·þÎñ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38121

Windows ·ÓɺÍÔ¶³Ì»á¼û·þÎñ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38214

Windows ·ÓɺÍÔ¶³Ì»á¼û·þÎñ (RRAS) ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38120

Windows ·ÓɺÍÔ¶³Ì»á¼û·þÎñ (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38178

Scripting   Engine ÄÚ´æËð»µÎó²î

¸ßΣ

CVE-2022-2601

Redhat£ºCVE-2022-2601 grub2 - grub_font_construct_glyph() ÖеĻº³åÇøÒç³ö¿ÉÄܵ¼ÖÂÔ½½çдÈë²¢¿ÉÄÜÈƹýÇå¾²Æô¶¯

¸ßΣ

CVE-2024-21302

Windows Çå¾²ÄÚºËģʽÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38142

Windows Çå¾²ÄÚºËģʽÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38155

Security   Center Broker ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38180

Windows   SmartScreen Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-38148

Windows   Secure Channel ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38202

Windows   Update Stack ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38163

Windows   Update Stack ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38143

Windows   WLAN AutoConfig ·þÎñÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38213

Windows   Mark of the Web Çå¾²¹¦Ð§ÈƹýÎó²î

ÖÐΣ

CVE-2024-38219

Microsoft   Edge£¨»ùÓÚ Chromium£©Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÖÐΣ

CVE-2024-38222

Microsoft   Edge£¨»ùÓÚ Chromium£©ÐÅϢй¶Îó²î

δ֪

 

¶þ¡¢Ó°Ïì¹æÄ£

ÊÜÓ°ÏìµÄ²úÆ·/¹¦Ð§/·þÎñ/×é¼þ°üÀ¨£º

Windows Secure Kernel Mode

Windows Kerberos

Microsoft Windows DNS

Windows TCP/IP

Microsoft Office

Azure Connected Machine Agent

Windows Kernel

Windows Power Dependency Coordinator

Azure Stack

Azure Health Bot

Windows IP Routing Management Snapin

Windows NTFS

Microsoft Local Security Authority Server (lsasrv)

Windows Routing and Remote Access Service (RRAS)

Microsoft Bluetooth Driver

Microsoft Streaming Service

Windows Network Address Translation (NAT)

Windows Clipboard Virtual Channel Extension

Windows NT OS Kernel

Windows Resource Manager

Windows Deployment Services

Reliable Multicast Transport Driver (RMCAST)

Windows Ancillary Function Driver for WinSock

Windows WLAN Auto Config Service

Windows Layer-2 Bridge Network Driver

Windows DWM Core Library

Windows Transport Security Layer (TLS)

Microsoft WDAC OLE DB provider for SQL

Windows Security Center

Azure IoT SDK

Windows Network Virtualization

Windows Mobile Broadband

Windows Update Stack

Windows Compressed Folder

Microsoft Dynamics

.NET and Visual Studio

Microsoft Office Visio

Microsoft Office Excel

Microsoft Office PowerPoint

Microsoft Office Outlook

Windows App Installer

Windows Scripting

Windows SmartScreen

Windows Kernel-Mode Drivers

Microsoft Office Project

Azure CycleCloud

Windows Common Log File System Driver

Microsoft Teams

Windows Print Spooler Components

Line Printer Daemon Service (LPD)

Microsoft Copilot Studio

Windows Mark of the Web (MOTW)

Windows Cloud Files Mini Filter Driver

Microsoft Edge (Chromium-based)

Windows Initial Machine Configuration

 

Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

ÏÖÔÚ΢ÈíÒÑÐû²¼Ïà¹ØÇå¾²¸üУ¬½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÐÞ¸´¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬵±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öá£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔÏ°취ÊÖ¶¯¾ÙÐиüУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüС£

4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üС£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öá£

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüС£

2024Äê8ÔÂÇå¾²¸üÐÂÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug

²¹¶¡ÏÂÔØʾÀý£¨²Î¿¼£©£º

1.·­¿ªÉÏÊöÏÂÔØÁ´½Ó£¬µã»÷Îó²îÁбíÖÐÒªÐÞ¸´µÄCVEÁ´½Ó¡£

image.png

Àý1£ºÎ¢ÈíÎó²îÁÐ±í£¨Ê¾Àý£©

2.ÔÚ΢Èíͨ¸æÒ³Ãæµ×²¿×ó²à¡¾²úÆ·¡¿Ñ¡ÔñÏìÓ¦µÄϵͳÀàÐÍ£¬µã»÷ÓҲࡾÏÂÔØ¡¿´¦·­¿ª²¹¶¡ÏÂÔØÁ´½Ó¡£

image.png

Àý2£ºCVE-2022-21989²¹¶¡ÏÂÔØʾÀý

3.µã»÷¡¾Çå¾²¸üС¿£¬·­¿ª²¹¶¡ÏÂÔØÒ³Ã棬ÏÂÔØÏìÓ¦²¹¶¡²¢¾ÙÐÐ×°Öá£

image.png

Àý3£º²¹¶¡ÏÂÔؽçÃæ

4.×°ÖÃÍê³ÉºóÖØÆôÅÌËã»ú¡£

3.2 ÔÝʱ²½·¥

ÔÝÎÞ¡£

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬ïÔ̭ϵͳÎó²î£¬ÌáÉý·þÎñÆ÷µÄÇå¾²ÐÔ¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬Ð޸ķÀ»ðǽսÂÔ£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬ïÔÌ­½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬ïÔÌ­¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38063

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38202

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-08-14

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø¼ò½é

ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø½¨ÉèÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Çå¾²·þÎñ½â¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æ𾢡£

5.2 ¹ØÓÚÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø

ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png