¡¾Îó²îͨ¸æ¡¿Î¢Èí10Ô¶à¸öÇå¾²Îó²î

Ðû²¼Ê±¼ä 2024-10-09

Ò»¡¢Îó²î¸ÅÊö

2024Äê10ÔÂ9ÈÕ£¬ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø¼¯ÍÅVSRC¼à²âµ½Î¢ÈíÐû²¼ÁË10ÔÂÇå¾²¸üУ¬±¾´Î¸üй²ÐÞ¸´ÁË118¸öÎó²î£¨²»°üÀ¨Ö®Ç°ÐÞ¸´µÄ3¸öEdgeÎó²î£©£¬Îó²îÀàÐÍ°üÀ¨ÌØȨÌáÉýÎó²î¡¢Çå¾²¹¦Ð§ÈƹýÎó²î¡¢Ô¶³Ì´úÂëÖ´ÐÐÎó²î¡¢ÐÅϢй¶Îó²î¡¢¾Ü¾ø·þÎñÎó²îºÍÓÕÆ­Îó²îµÈ ¡£

±¾´ÎÇå¾²¸üÐÂÖаüÀ¨5¸öÒѾ­¹ûÕæÅû¶µÄ0 dayÎó²î£¬ÆäÖÐ2¸öÒÑ·¢Ã÷±»Ê¹Óãº

CVE-2024-43573£ºWindows MSHTML PlatformÓÕÆ­Îó²î

Windows MSHTML ƽ̨£¨¸Ãƽ̨ÒÔÇ°±»Internet Explorer ºÍ¾É°æ Microsoft Edge ʹÓã¬Æä×é¼þÈÔ×°ÖÃÔÚWindows ÖУ©±£´æ¿çÕ¾¾ç±¾Îó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ6.5 ¡£ÍþвÕß¿ÉÓÕʹÊܺ¦Õßµã»÷ÌØÖÆÁ´½Ó»òä¯ÀÀ¶ñÒâÒ³Ãæʱ´¥·¢¸ÃÎó²î£¬´Ó¶ø¿ÉÄܵ¼Ö¶ñÒâ¾ç±¾ÔÚÓû§µÄä¯ÀÀÆ÷ÖÐÖ´ÐÐ ¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬ÇÒÒѼì²âµ½Îó²îʹÓà ¡£

CVE-2024-43572£ºMicrosoft Management ConsoleÔ¶³Ì´úÂëÖ´ÐÐÎó²î

Microsoft ÖÎÀí¿ØÖÆ̨±£´æ´úÂëÖ´ÐÐÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.8£¬ÍþвÕß¿Éͨ¹ýÓÕʹÊܺ¦Õß´ÓÍøÕ¾ÏÂÔز¢·­¿ªÌØÖƵÄMicrosoft Saved Console (MSC) ÎļþÀ´Ê¹ÓøÃÎó²î£¬ÀÖ³ÉʹÓÿÉÄܵ¼ÖÂí§Òâ´úÂëÖ´ÐÐ ¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬ÇÒÒѼì²âµ½Îó²îʹÓà ¡£

CVE-2024-6197£ºOpen Source Curl Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¿ªÔ´ CurlÖб£´æÎó²î£¨¸ÃÎó²îÓ°Ïìcurl¡¢ÏÂÁîÐй¤¾ßºÍǶÈëÔÚÖÖÖÖÈí¼þÖÐµÄ libcurl£¬ÓÉÓÚWindowsÖи½´øcurlÏÂÁîÐÐÒò´ËÒ×ÊܸÃÎó²îÓ°Ï죩£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ8.8£¬¿ÉÄܵ¼ÖÂÔÚ Curl ʵÑéÅþÁ¬µ½¶ñÒâ·þÎñÆ÷ʱִÐÐÏÂÁî ¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡± ¡£

CVE-2024-20659£ºWindows Hyper-V Çå¾²¹¦Ð§ÈƹýÎó²î

Windows Hyper-V±£´æÇå¾²¹¦Ð§ÈƹýÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.1£¬ÀÖ³ÉʹÓøÃÎó²îÐèÒªÓû§ÖØÐÂÆô¶¯Æä»úе£¬ÔÚijЩÌض¨Ó²¼þÉÏ£¬ÀÖ³ÉʹÓøÃÎó²î¿ÉÄÜ»áÈƹý UEFI£¬Õâ¿ÉÄܵ¼ÖÂÐéÄâ»úÖÎÀí³ÌÐòºÍÇå¾²Äں˱»ÆÆËð ¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡± ¡£

CVE-2024-43583£ºWinlogon ÌØȨÌáÉýÎó²î

Winlogon±£´æÌØȨÌáÉýÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ7.8£¬ÀÖ³ÉʹÓøÃÎó²î¿É»ñµÃWindows ÖеÄSYSTEM ȨÏÞ ¡£ÏÖÔÚ¸ÃÎó²îÒѾ­¹ûÕæÅû¶£¬Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐԽϸߡ± ¡£

±¾´ÎÇå¾²¸üÐÂÖÐÐÞ¸´µÄ3¸öÑÏÖØÎó²îΪ£º

CVE-2024-43468£ºMicrosoft Configuration Manager Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Microsoft Configuration Manager±£´æSQL×¢ÈëÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ9.8£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿Éͨ¹ýÏòÄ¿µÄÇéÐη¢ËͶñÒâÇëÇóÀ´Ê¹ÓøÃÎó²î£¬ÕâЩÇëÇóÒÔ²»Çå¾²µÄ·½·¨´¦Öóͷ££¬´Ó¶ø¿ÉÄܵ¼ÖÂÔÚ·þÎñÆ÷»òµ×²ãÊý¾Ý¿âÉÏÖ´ÐÐÏÂÁî ¡£Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡± ¡£

CVE-2024-43488£ºVisual Studio Code extension for Arduino Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Visual Studio Code extension for ArduinoÖÐȱÉÙ¶ÔÒªº¦¹¦Ð§µÄÉí·ÝÑéÖ¤£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ8.8£¬¿ÉÄܵ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄÍþвÕßͨ¹ýÍøÂç¹¥»÷µ¼ÖÂÔ¶³Ì´úÂëÖ´ÐÐ ¡£ÏÖÔÚMicrosoft ÒÑÍêÈ«»º½â¸ÃÎó²î£¬ÊÜÓ°ÏìÓû§ÎÞÐè½ÓÄÉÈκβ½·¥ ¡£Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡± ¡£

CVE-2024-43582£ºRemote Desktop Protocol Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Remote Desktop Protocol ServerÖб£´æUse-After-FreeÎó²î£¬¸ÃÎó²îµÄCVSSÆÀ·ÖΪ8.1£¬Î´¾­Éí·ÝÑéÖ¤µÄÍþвÕß¿Éͨ¹ýÏò RPC Ö÷»ú·¢ËÍÃûÌùýʧµÄÊý¾Ý°ü£¬¿ÉÄܵ¼ÖÂÔÚ·þÎñÆ÷¶ËÒÔÓëRPC·þÎñÏàͬµÄȨÏÞÖ´ÐÐÔ¶³Ì´úÂ룬ÀÖ³ÉʹÓøÃÎó²îÐèÒªÓ®µÃ¾ºÕùÌõ¼þ ¡£Î¢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀΪ ¡°±»Ê¹ÓõĿÉÄÜÐÔ½ÏС¡± ¡£

³ýCVE-2024-43583Í⣬΢ÈíµÄ¿ÉʹÓÃÐÔÆÀ¹ÀÖÐÆäËû ¡°±»Ê¹ÓõĿÉÄÜÐԽϸߡ±µÄÎó²î»¹°üÀ¨£º

l  CVE-2024-43581/ CVE-2024-43615£ºMicrosoft OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐÐÎó²î

Microsoft OpenSSH for WindowsÖб£´æÎļþÃû»ò·¾¶µÄÍⲿ¿ØÖÆ£¬ÕâЩÎó²îµÄCVSSÆÀ·Ö¾ùΪ7.1£¬Ê¹ÓÃÄѶȽϸߣ¬ÐèÒªÊܺ¦ÕßÖ´ÐÐÌض¨µÄÎļþÖÎÀí²Ù×÷À´´¥·¢Îó²î£¬ÀÖ³ÉʹÓÿÉÄÜÔÚÄ¿µÄϵͳÉϵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐÐ ¡£

l  CVE-2024-43502£ºWindows ÄÚºËÌØȨÌáÉýÎó²î

l  CVE-2024-43509£ºWindows Graphics ComponentÌØȨÌáÉýÎó²î

l  CVE-2024-43556£ºWindows Graphics ComponentÌØȨÌáÉýÎó²î

l  CVE-2024-43560£ºMicrosoft Windows Storage Port DriverÌØȨÌáÉýÎó²î

l  CVE-2024-43609£ºMicrosoft Office ÓÕÆ­Îó²î

΢Èí10Ô¸üÐÂÉæ¼°µÄÍêÕûÎó²îÁбíÈçÏ£º

CVE ID

CVE ÎÊÌâ

ÑÏÖØÐÔ

CVE-2024-43468

Microsoft   Configuration Manager Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2024-43488

Visual   Studio Code extension for Arduino Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2024-43582

Remote   Desktop Protocol Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

ÑÏÖØ

CVE-2024-38229

.NET ºÍ Visual Studio Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43485

.NET ºÍ Visual Studio ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43484

.NET¡¢.NET Framework ºÍ Visual Studio ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43483

.NET¡¢.NET Framework ºÍ Visual Studio ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43591

Azure   Command Line Integration (CLI) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38097

Azure   Monitor Agent ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38179

Azure   Stack Hyperconverged Infrastructure (HCI) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43506

BranchCache   ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38149

BranchCache   ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43585

Code   Integrity Guard Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-43497

DeepSpeed Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43515

Internet   Small Computer Systems Interface (iSCSI) ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43517

Microsoft   ActiveX Data Objects Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43614

Microsoft   Defender for Endpoint for Linux ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-43534

Windows   Graphics Component ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-43508

Windows   Graphics Component ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-43556

Windows   Graphics Component ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43509

Windows   Graphics Component ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43572

Microsoft   Management Console Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43616

Microsoft   Office Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43576

Microsoft   Office Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43609

Microsoft   Office ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-43504

Microsoft   Excel Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43503

Microsoft   SharePoint ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43505

Microsoft   Office Visio Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43544

Microsoft   Simple Certificate Enrollment Protocol ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43541

Microsoft   Simple Certificate Enrollment Protocol ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43519

Microsoft   WDAC OLE DB provider for SQL Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43574

Microsoft   Speech Application Programming Interface (SAPI) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43615

Microsoft   OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43581

Microsoft   OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38029

Microsoft   OpenSSH for Windows Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43604

Outlook   for Android ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43612

Power BI   Report Server ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-43481

Power BI   Report Server ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-43533

Remote   Desktop Client Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43599

Remote   Desktop Client Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43521

Windows   Hyper-V ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-20659

Windows   Hyper-V Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-43567

Windows   Hyper-V ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43575

Windows   Hyper-V ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43532

Remote   Registry Service ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43480

Azure   Service Fabric for Linux Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43571

Sudo for   Windows ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-43590

Visual C++   Redistributable Installer ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43603

Visual   Studio Collector Service ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43601

Visual   Studio Code for Linux Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43563

Windows   Ancillary Function Driver for WinSock ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43513

BitLocker Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-43501

Windows   Common Log File System Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43546

Windows   Cryptographic ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-6197

Open   Source Curl Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-37982

Windows   Resume Extensible Firmware Interface Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-37976

Windows   Resume Extensible Firmware Interface Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-37983

Windows   Resume Extensible Firmware Interface Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-30092

Windows   Hyper-V Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43547

Windows   Kerberos ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-38129

Windows   Kerberos ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43502

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43511

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43520

Windows Äں˾ܾø·þÎñÎó²î

¸ßΣ

CVE-2024-43527

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43570

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-37979

Windows ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43554

Windows   Kernel-Mode Driver ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-43535

Windows   Kernel-Mode Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43522

Windows   Local Security Authority (LSA) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43555

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43540

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43536

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43538

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43525

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43559

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43561

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43558

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43542

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43557

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43526

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43543

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43523

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43524

Windows   Mobile Broadband Driver Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43537

Windows   Mobile Broadband Driver ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-38124

Windows   Netlogon ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43562

Windows ÍøÂçµØµãת»» (NAT) ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43565

Windows ÍøÂçµØµãת»» (NAT) ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43553

NT OS ÄÚºËÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43514

Windows   Resilient File System (ReFS) ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43545

Windows   Online Certificate Status Protocol (OCSP) ·þÎñÆ÷¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43529

Windows   Print Spooler ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-38262

Windows   Remote Desktop Licensing Service Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43456

Windows   Remote Desktop Services ¸Ä¶¯Îó²î

¸ßΣ

CVE-2024-43500

Windows   Resilient File System (ReFS) ÐÅϢй¶Îó²î

¸ßΣ

CVE-2024-43592

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43589

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38212

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43593

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38261

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43611

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43453

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-38265

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43607

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43549

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43608

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43564

Windows   Routing and Remote Access Service (RRAS) Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43584

Windows   Scripting Engine Çå¾²¹¦Ð§ÈƹýÎó²î

¸ßΣ

CVE-2024-43550

Windows   Secure Channel ÓÕÆ­Îó²î

¸ßΣ

CVE-2024-43516

Windows   Secure Kernel Mode ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43528

Windows   Secure Kernel Mode ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43552

Windows   Shell Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43512

Windows   Standards-Based Storage Management Service ¾Ü¾ø·þÎñÎó²î

¸ßΣ

CVE-2024-43551

Windows   Storage ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43560

Microsoft   Windows Storage Port Driver ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43518

Windows   Telephony Server Ô¶³Ì´úÂëÖ´ÐÐÎó²î

¸ßΣ

CVE-2024-43583

Winlogon ÌØȨÌáÉýÎó²î

¸ßΣ

CVE-2024-43573

Windows   MSHTML Platform ÓÕÆ­Îó²î

ÖÐΣ

CVE-2024-9369

Chromium£ºCVE-2024-9369 Mojo ÖеÄÊý¾ÝÑé֤ȱ·¦

δ֪

CVE-2024-9370

Chromium£ºCVE-2024-9370 V8 ÖеIJ»Êʵ±ÊµÏÖ

δ֪

CVE-2024-7025

Chromium£ºCVE-2024-7025 ½á¹¹ÖеÄÕûÊýÒç³ö

δ֪

 

¶þ¡¢Ó°Ïì¹æÄ£

ÊÜÓ°ÏìµÄ²úÆ·/¹¦Ð§/·þÎñ/×é¼þ°üÀ¨£º

Role: Windows Hyper-V

Windows Hyper-V

Windows EFI Partition

Windows Kernel

OpenSSH for Windows

Azure Monitor

Windows Netlogon

Windows Kerberos

BranchCache

Azure Stack

Windows Routing and Remote Access Service (RRAS)

.NET and Visual Studio

Windows Remote Desktop Licensing Service

Windows Remote Desktop Services

Microsoft Configuration Manager

Service Fabric

Power BI

.NET, .NET Framework, Visual Studio

Visual Studio Code

DeepSpeed

Windows Resilient File System (ReFS)

Windows Common Log File System Driver

Microsoft Office SharePoint

Microsoft Office Excel

Microsoft Office Visio

Microsoft Graphics Component

Windows Standards-Based Storage Management Service

Windows BitLocker

Windows NTFS

Internet Small Computer Systems Interface (iSCSI)

Windows Secure Kernel Mode

Microsoft ActiveX

Windows Telephony Server

Microsoft WDAC OLE DB provider for SQL

Windows Local Security Authority (LSA)

Windows Mobile Broadband

Windows Print Spooler Components

RPC Endpoint Mapper Service

Remote Desktop Client

Windows Kernel-Mode Drivers

Microsoft Simple Certificate Enrollment Protocol

Windows Online Certificate Status Protocol (OCSP)

Windows Cryptographic Services

Windows Secure Channel

Windows Storage

Windows Shell

Windows NT OS Kernel

Windows Storage Port Driver

Windows Network Address Translation (NAT)

Windows Ancillary Function Driver for WinSock

Sudo for Windows

Microsoft Management Console

Windows MSHTML Platform

Microsoft Windows Speech

Microsoft Office

Windows Remote Desktop

Winlogon

Windows Scripting

Code Integrity Guard

Visual C++ Redistributable Installer

Azure CLI

Visual Studio

Outlook for Android

Microsoft Defender for Endpoint

 

Èý¡¢Çå¾²²½·¥

3.1 Éý¼¶°æ±¾

ÏÖÔÚ΢ÈíÒÑÐû²¼Ïà¹ØÇå¾²¸üУ¬½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÐÞ¸´ ¡£

£¨Ò»£© Windows Update×Ô¶¯¸üÐÂ

Microsoft UpdateĬÈÏÆôÓ㬵±ÏµÍ³¼ì²âµ½¿ÉÓøüÐÂʱ£¬½«»á×Ô¶¯ÏÂÔظüв¢ÔÚÏÂÒ»´ÎÆô¶¯Ê±×°Öà ¡£Ò²¿ÉÑ¡Ôñͨ¹ýÒÔÏ°취ÊÖ¶¯¾ÙÐиüУº

1¡¢µã»÷¡°×îÏȲ˵¥¡±»ò°´Windows¿ì½Ý¼ü£¬µã»÷½øÈë¡°ÉèÖá±

2¡¢Ñ¡Ôñ¡°¸üкÍÇå¾²¡±£¬½øÈë¡°Windows¸üС±£¨Windows 8¡¢Windows 8.1¡¢Windows Server 2012ÒÔ¼°Windows Server 2012 R2¿Éͨ¹ý¿ØÖÆÃæ°å½øÈë¡°Windows¸üС±£¬Ïêϸ°ì·¨Îª¡°¿ØÖÆÃæ°å¡±->¡°ÏµÍ³ºÍÇå¾²¡±->¡°Windows¸üС±£©

3¡¢Ñ¡Ôñ¡°¼ì²é¸üС±£¬ÆÚ´ýϵͳ×Ô¶¯¼ì²é²¢ÏÂÔØ¿ÉÓøüР¡£

4¡¢¸üÐÂÍê³ÉºóÖØÆôÅÌËã»ú£¬¿Éͨ¹ý½øÈë¡°Windows¸üС±->¡°Éó²é¸üÐÂÀúÊ·¼Í¼¡±Éó²éÊÇ·ñÀÖ³É×°ÖÃÁ˸üР¡£¹ØÓÚûÓÐÀÖ³É×°ÖõĸüУ¬¿ÉÒÔµã»÷¸Ã¸üÐÂÃû³Æ½øÈë΢Èí¹Ù·½¸üÐÂÐÎòÁ´½Ó£¬µã»÷×îеÄSSUÃû³Æ²¢ÔÚÐÂÁ´½ÓÖеã»÷¡°Microsoft ¸üÐÂĿ¼¡±£¬È»ºóÔÚÐÂÁ´½ÓÖÐÑ¡ÔñÊÊÓÃÓÚÄ¿µÄϵͳµÄ²¹¶¡¾ÙÐÐÏÂÔز¢×°Öà ¡£

£¨¶þ£© ÊÖ¶¯×°ÖøüÐÂ

Microsoft¹Ù·½ÏÂÔØÏìÓ¦²¹¶¡¾ÙÐиüР¡£

2024Äê10ÔÂÇå¾²¸üÐÂÏÂÔØÁ´½Ó£º

https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

²¹¶¡ÏÂÔØʾÀý£¨²Î¿¼£©£º

1.·­¿ªÉÏÊöÏÂÔØÁ´½Ó£¬µã»÷Îó²îÁбíÖÐÒªÐÞ¸´µÄCVEÁ´½Ó ¡£

image.png

Àý1£ºÎ¢ÈíÎó²îÁÐ±í£¨Ê¾Àý£©

2.ÔÚ΢Èíͨ¸æÒ³Ãæµ×²¿×ó²à¡¾²úÆ·¡¿ÁÐÑ¡ÔñÏìÓ¦µÄϵͳÀàÐÍ£¬µã»÷ÓҲࡾÏÂÔØ¡¿Áз­¿ª²¹¶¡ÏÂÔØÁ´½Ó ¡£

image.png

Àý2£ºCVE-2022-21989²¹¶¡ÏÂÔØʾÀý

3.µã»÷¡¾Çå¾²¸üС¿£¬·­¿ª²¹¶¡ÏÂÔØÒ³Ã棬ÏÂÔØÏìÓ¦²¹¶¡²¢¾ÙÐÐ×°Öà ¡£

image.png

Àý3£º²¹¶¡ÏÂÔؽçÃæ

4.×°ÖÃÍê³ÉºóÖØÆôÅÌËã»ú ¡£

3.2 ÔÝʱ²½·¥

ÔÝÎÞ ¡£

3.3 ͨÓý¨Òé

l  °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬ïÔ̭ϵͳÎó²î£¬ÌáÉý·þÎñÆ÷µÄÇå¾²ÐÔ ¡£

l  ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬Ð޸ķÀ»ðǽսÂÔ£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬ïÔÌ­½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬ïÔÌ­¹¥»÷Ãæ ¡£

l  ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ ¡£

l  ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏÞ¶È ¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐÞ¸Ä ¡£

3.4 ²Î¿¼Á´½Ó

https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct

https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43581

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-10-09

Ê×´ÎÐû²¼

 

 

Îå¡¢¸½Â¼

5.1 ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø¼ò½é

ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø½¨ÉèÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ½¨ÉèµÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Çå¾²¸ß¿Æ¼¼ÆóÒµ ¡£ÊǺ£ÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Çå¾²²úÆ·¡¢Çå¾²·þÎñ½â¾ö¼Æ»®µÄÁ캽ÆóÒµÖ®Ò» ¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ÊÖÒÕ·þÎñÍŶÓ1300ÓàÈË ¡£ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊÐ ¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍøÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷Á¢ÒìµÄÇå¾²²úÆ·ºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§ÖÜÈ«ÌáÉýÆäIT»ù´¡ÉèÊ©µÄÇå¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Çå¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Æð¾¢ ¡£

5.2 ¹ØÓÚÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍø

ÓÅ·¢¹ú¼ÊÍøÕ¾¹ÙÍøÇå¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸öÎó²îͨ¸æºÍΣº¦Ô¤¾¯£¬ÎÒÃǽ«Ò»Á¬¸ú×ÙÈ«Çò×îеÄÍøÂçÇå¾²ÊÂÎñºÍÎó²î£¬ÎªÆóÒµµÄÐÅÏ¢Çå¾²±£¼Ý»¤º½ ¡£

¹Ø×¢ÎÒÃÇ£º

image.png