[Vulnerability Advisory] Multiple Microsoft Security Vulnerabilities in September

Published: 2024-09-11


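1. Vulnerability Overview

On September 11, 2024, 优发国际网站官网 Group VSRC observed that Microsoft had released its September security updates. This release fixes 79 vulnerabilities, including elevation of privilege, security feature bypass, remote code execution, information disclosure, denial of service, and spoofing vulnerabilities.

This security update includes 4 actively exploited zero-day vulnerabilities, 1 of which has been publicly disclosed: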

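CVE-2024-38014: Windows Installer Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Installer, with a CVSS score of 7.8. A threat actor who successfully exploits it can gain SYSTEM privileges. Exploitation of this vulnerability has been detected.

CVE-2024-38217: Windows Mark of the Web Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Mark of the Web, with a CVSS score of 5.4. A threat actor can host, on a server they control, a malicious file that evades Mark of the Web (MOTW) defenses, and then lure the target user into downloading and opening it, bypassing security features such as the SmartScreen Application Reputation security check or the legacy Windows Attachment Services security prompt. This vulnerability has been publicly disclosed, and exploitation has been detected.

CVE-2024-38226: Microsoft Publisher Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Microsoft Publisher, with a CVSS score of 7.3. A threat actor can exploit it by inducing a victim to download and open a specially crafted file. Successful exploitation may bypass the Office macro policies used to block untrusted or malicious files. Exploitation of this vulnerability has been detected.

CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability

A Use-After-Free vulnerability exists in the Microsoft Servicing Stack, with a CVSS score of 9.8. It can roll back the fixes for some vulnerabilities affecting Optional Components on Windows 10 version 1507, allowing a threat actor to exploit these previously fixed/mitigated vulnerabilities on Windows 10 version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems. Successful exploitation may lead to remote code execution. Exploitation of this vulnerability has been detected. Affected users can fix this servicing stack vulnerability by installing, in order, the September 2024 servicing stack update (SSU KB5043936) and the September 2024 Windows security update (KB5043083).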
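A way to check the two-package fix described above on a host, as an added example that is not part of the original advisory. It assumes that Windows 10 version 1507 is identified by OS build 10240 and that both packages are reported by Get-HotFix; the function name and state strings are hypothetical.

```powershell
# Added example (not from the advisory): report CVE-2024-43491 remediation state.
# Assumption: Windows 10 version 1507 is identified by OS build 10240.
# Assumption: both packages are visible to Get-HotFix (Win32_QuickFixEngineering).
$SsuKb = 'KB5043936'   # September 2024 servicing stack update (install first)
$LcuKb = 'KB5043083'   # September 2024 Windows security update (install second)

function Get-Cve202443491State {
    param(
        [Parameter(Mandatory)][int]$Build,
        [string[]]$InstalledKbs = @()
    )
    # Only Windows 10 version 1507 is named as affected in the advisory.
    if ($Build -ne 10240) { return 'NotApplicable' }

    $hasSsu = $InstalledKbs -contains $SsuKb
    $hasLcu = $InstalledKbs -contains $LcuKb

    if ($hasSsu -and $hasLcu) { return 'BothInstalled' }
    if ($hasSsu)              { return "SsuOnly: $LcuKb still missing" }
    if ($hasLcu)              { return "LcuWithoutSsu: $SsuKb missing, check against the advised install order" }
    return "Unpatched: install $SsuKb, then $LcuKb"
}

# Collect the local build number and the list of installed update IDs.
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
$kbs   = @(Get-HotFix -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty HotFixID)

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Build    = $build
    State    = Get-Cve202443491State -Build $build -InstalledKbs $kbs
}
```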

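Besides CVE-2024-43491, the other 6 critical vulnerabilities fixed in this security update are:

CVE-2024-43464: Microsoft SharePoint Server Remote Code Execution Vulnerability

A deserialization vulnerability exists in Microsoft SharePoint Server, with a CVSS score of 7.2. An authenticated threat actor with Site Owner permissions can upload a specially crafted file to the target SharePoint Server and send a crafted API request to trigger deserialization of the file's parameters. Successful exploitation may lead to remote code execution in the context of the SharePoint Server. Microsoft's exploitability assessment is "Exploitation More Likely".

CVE-2024-38018: Microsoft SharePoint Server Remote Code Execution Vulnerability

A deserialization vulnerability exists in Microsoft SharePoint Server, with a CVSS score of 8.8. An authenticated remote threat actor can exploit it to achieve remote code execution on the SharePoint Server. Microsoft's exploitability assessment is "Exploitation More Likely".

CVE-2024-38119: Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

A Use-After-Free vulnerability exists in Windows Network Address Translation (NAT), with a CVSS score of 7.5. A threat actor on an adjacent network can exploit it to achieve remote code execution. Successful exploitation requires winning a race condition. Microsoft's exploitability assessment is "Exploitation Less Likely".

CVE-2024-38216 / CVE-2024-38220: Azure Stack Hub Elevation of Privilege Vulnerability

CVE-2024-38194: Azure Web Apps Elevation of Privilege Vulnerability

Besides CVE-2024-43464 and CVE-2024-38018, the other vulnerabilities that Microsoft's exploitability assessment rates "Exploitation More Likely" are: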

- CVE-2024-38227: Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38228: Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38237: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38238: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38241: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38242: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38243: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38244: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38245: Kernel Streaming Service Driver Elevation of Privilege Vulnerability
- CVE-2024-38246: Win32k Elevation of Privilege Vulnerability
- CVE-2024-38247: Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-38249: Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-38252: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2024-38253: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
- CVE-2024-43457: Windows Setup and Deployment Elevation of Privilege Vulnerability
- CVE-2024-43461: Windows MSHTML Platform Spoofing Vulnerability
- CVE-2024-43487: Windows Mark of the Web Security Feature Bypass Vulnerability

The vulnerabilities fixed in Microsoft's September update are listed below:

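| CVE-ID | CVE Title | Severity |
| --- | --- | --- |
| CVE-2024-38216 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| CVE-2024-38220 | Azure Stack Hub Elevation of Privilege Vulnerability | Critical |
| CVE-2024-38194 | Azure Web Apps Elevation of Privilege Vulnerability | Critical |
| CVE-2024-43464 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| CVE-2024-38018 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| CVE-2024-38119 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability | Critical |
| CVE-2024-43491 | Microsoft Windows Update Remote Code Execution Vulnerability | Critical |
| CVE-2024-43469 | Azure CycleCloud Remote Code Execution Vulnerability | High |
| CVE-2024-38188 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | High |
| CVE-2024-43470 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | High |
| CVE-2024-38225 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | High |
| CVE-2024-43492 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | High |
| CVE-2024-43476 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | High |
| CVE-2024-38247 | Windows Graphics Component Elevation of Privilege Vulnerability | High |
| CVE-2024-38250 | Windows Graphics Component Elevation of Privilege Vulnerability | High |
| CVE-2024-38249 | Windows Graphics Component Elevation of Privilege Vulnerability | High |
| CVE-2024-38259 | Microsoft Management Console Remote Code Execution Vulnerability | High |
| CVE-2024-43465 | Microsoft Excel Elevation of Privilege Vulnerability | High |
| CVE-2024-38226 | Microsoft Publisher Security Feature Bypass Vulnerability | High |
| CVE-2024-38227 | Microsoft SharePoint Server Remote Code Execution Vulnerability | High |
| CVE-2024-38228 | Microsoft SharePoint Server Remote Code Execution Vulnerability | High |
| CVE-2024-43466 | Microsoft SharePoint Server Denial of Service Vulnerability | High |
| CVE-2024-43463 | Microsoft Office Visio Remote Code Execution Vulnerability | High |
| CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability | High |
| CVE-2024-38245 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-38241 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-38242 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-38244 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-38243 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-38237 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-38238 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | High |
| CVE-2024-43479 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability | High |
| CVE-2024-38235 | Windows Hyper-V Denial of Service Vulnerability | High |
| CVE-2024-37338 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | High |
| CVE-2024-37980 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | High |
| CVE-2024-37339 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | High |
| CVE-2024-37337 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | High |
| CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | High |
| CVE-2024-37342 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | High |
| CVE-2024-43474 | Microsoft SQL Server Information Disclosure Vulnerability | High |
| CVE-2024-37335 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | High |
| CVE-2024-37966 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | High |
| CVE-2024-37340 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | High |
| CVE-2024-37965 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| CVE-2024-37341 | Microsoft SQL Server Elevation of Privilege Vulnerability | High |
| CVE-2024-43475 | Microsoft Windows Admin Center Information Disclosure Vulnerability | High |
| CVE-2024-38257 | Microsoft AllJoyn API Information Disclosure Vulnerability | High |
| CVE-2024-38254 | Windows Authentication Information Disclosure Vulnerability | High |
| CVE-2024-38236 | DHCP Server Service Denial of Service Vulnerability | High |
| CVE-2024-38014 | Windows Installer Elevation of Privilege Vulnerability | High |
| CVE-2024-38239 | Windows Kerberos Elevation of Privilege Vulnerability | High |
| CVE-2024-38256 | Windows Kernel-Mode Driver Information Disclosure Vulnerability | High |
| CVE-2024-43495 | Windows libarchive Remote Code Execution Vulnerability | High |
| CVE-2024-38217 | Windows Mark of the Web Security Feature Bypass Vulnerability | High |
| CVE-2024-43461 | Windows MSHTML Platform Spoofing Vulnerability | High |
| CVE-2024-38232 | Windows Networking Denial of Service Vulnerability | High |
| CVE-2024-38233 | Windows Networking Denial of Service Vulnerability | High |
| CVE-2024-38234 | Windows Networking Denial of Service Vulnerability | High |
| CVE-2024-43458 | Windows Networking Information Disclosure Vulnerability | High |
| CVE-2024-38046 | PowerShell Elevation of Privilege Vulnerability | High |
| CVE-2024-38240 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | High |
| CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability | High |
| CVE-2024-38258 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability | High |
| CVE-2024-43467 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | High |
| CVE-2024-43454 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | High |
| CVE-2024-38263 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | High |
| CVE-2024-38260 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | High |
| CVE-2024-43455 | Windows Remote Desktop Licensing Service Spoofing Vulnerability | High |
| CVE-2024-30073 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | High |
| CVE-2024-43457 | Windows Setup and Deployment Elevation of Privilege Vulnerability | High |
| CVE-2024-38230 | Windows Standards-Based Storage Management Denial of Service Vulnerability | High |
| CVE-2024-38248 | Windows Storage Elevation of Privilege Vulnerability | High |
| CVE-2024-21416 | Windows TCP/IP Remote Code Execution Vulnerability | High |
| CVE-2024-38045 | Windows TCP/IP Remote Code Execution Vulnerability | High |
| CVE-2024-38246 | Win32k Elevation of Privilege Vulnerability | High |
| CVE-2024-38252 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | High |
| CVE-2024-38253 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | High |
| CVE-2024-43487 | Windows Mark of the Web Security Feature Bypass Vulnerability | Medium |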

 

2. Affected Scope

Affected products/features/services/components include:

Windows TCP/IP

SQL Server

Windows Security Zone Mapping

Windows Installer

Microsoft Office SharePoint

Windows PowerShell

Windows Network Address Translation (NAT)

Azure Network Watcher

Azure Web Apps

Azure Stack

Windows Mark of the Web (MOTW)

Dynamics Business Central

Microsoft Office Publisher

Windows Standards-Based Storage Management Service

Windows Remote Desktop Licensing Service

Windows Network Virtualization

Role: Windows Hyper-V

Windows DHCP Server

Microsoft Streaming Service

Windows Kerberos

Windows Remote Access Connection Manager

Windows Win32K - GRFX

Microsoft Graphics Component

Windows Storage

Windows Win32K - ICOMP

Windows Authentication Methods

Windows Kernel-Mode Drivers

Windows AllJoyn API

Microsoft Management Console

Windows Setup and Deployment

Windows MSHTML Platform

Microsoft Office Visio

Microsoft Office Excel

Azure CycleCloud

Windows Admin Center

Microsoft Dynamics 365 (on-premises)

Power Automate

Microsoft Outlook for iOS

Windows Update

Microsoft AutoUpdate (MAU)

Windows Libarchive

 

3. Security Measures

3.1 Upgrade

Microsoft has released the relevant security updates; affected users are advised to apply them as soon as possible.

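(1) Automatic update via Windows Update

Microsoft Update is enabled by default. When the system detects available updates, it downloads them automatically and installs them at the next startup. You can also update manually with the following steps:

1. Click the "Start menu" or press the Windows key, then open "Settings".

2. Select "Update & Security" and open "Windows Update" (on Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, "Windows Update" is reached through the Control Panel: "Control Panel" -> "System and Security" -> "Windows Update").

3. Select "Check for updates" and wait for the system to check for and download the available updates.

4. Restart the computer after the update completes. To confirm that the updates installed successfully, go to "Windows Update" -> "View update history". For an update that did not install, click the update's name to open Microsoft's official description page, click the name of the latest SSU, click "Microsoft Update Catalog" on the page that opens, and then select the patch that applies to the target system, download it and install it.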

(2) Manual installation of updates

Download the corresponding patches from Microsoft and install them.

Download link for the September 2024 security updates:

https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

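Patch download example (for reference):

1. Open the download link above and click the link of the CVE to be fixed in the vulnerability list.

Example 1: Microsoft vulnerability list (example)

2. At the bottom of the Microsoft advisory page, select the appropriate system type in the [Product] column on the left, then click the [Download] column on the right to open the patch download link.

Example 2: CVE-2022-21989 patch download example

3. Click [Security Update] to open the patch download page, then download and install the corresponding patch.

Example 3: Patch download page

4. Restart the computer after installation completes.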

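3.2 Temporary Measures

None at this time.

3.3 General Recommendations

- Apply system patches regularly to reduce system vulnerabilities and improve server security.
- Strengthen access control for systems and networks, adjust firewall policies, close unnecessary application ports or services, and avoid exposing risky services (such as SSH and RDP) to the public internet, to reduce the attack surface.
- Use enterprise-grade security products to improve the organization's network security.
- Strengthen management of system users and permissions, enable multi-factor authentication and apply the principle of least privilege; user and software permissions should be kept to the minimum.
- Enable a strong password policy and require passwords to be changed regularly.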

3.4 References

https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43491

 

4. Version Information

| Version | Date | Notes |
| --- | --- | --- |
| V1.0 | 2024-09-11 | Initial release |

 


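5. Appendix

5.1 Company Profile of 优发国际网站官网

优发国际网站官网 was founded in 1996 by Dr. Yan Wangjia, who earned her doctorate in the United States. It is an information security high-tech company with fully independent intellectual property rights, and one of the leading companies in China with the strongest capabilities in information security products and security service solutions.

The company is headquartered in the 优发国际网站官网 Building, Zhongguancun Software Park, Beijing. It has more than 6,000 employees, including an R&D team of more than 1,200 and a technical services team of more than 1,300. It has more than sixty branch offices across China's provinces, municipalities and autonomous regions, with nationwide sales, channel and technical support networks. The company was listed on the Shenzhen SME Board on June 23, 2010 (stock code: 002439).

Over the years, 优发国际网站官网 has been committed to providing internationally competitive, independently developed security products and best-practice services, helping customers comprehensively improve the security and productivity of their IT infrastructure, and working to build an international leading national brand in the information security industry.

5.2 About 优发国际网站官网

The 优发国际网站官网 Security Emergency Response Center has published more than 1,000 vulnerability advisories and risk warnings. We will continue to track the latest network security incidents and vulnerabilities worldwide to safeguard enterprise information security.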
