微软本月补丁星期二共计修复108处漏洞 其中19处为关键漏洞

2021-04-1409:54:49 评论 19,157

微软本月补丁星期二共计修复108处漏洞 其中19处为关键漏洞

对于普通用户来说,本月补丁星期二活动发布的 Windows 10 累积更新并没有什么新的内容,主要是对系统安全性进行优化。不过对于 Windows 和 Microsoft Exchange 管理员来说,最近几个月一直非常忙碌,4 月累积更新修复了 5 个零日漏洞和更多的 Exchange 漏洞。

在今天的更新中,微软共计修复了 108 处漏洞,其中 19 个标记为“关键漏洞”(Critial),89 个标记为“重要漏洞”(Important)。而且这些漏洞并不包含本月初发布的 6 个 Chromium Edge 漏洞。

此外,今天微软还修复了 5 个公开披露的零日漏洞,其中 1 个已知用于网络攻击。更糟糕的是,微软修复了 NSA 发现的 4 个关键的 Microsoft Exchange 漏洞。作为今天补丁星期二的一部分,微软已经修复了 4 个公开披露的漏洞和一个主动利用的漏洞。

以下 4 个漏洞微软表示已经公开暴露,但没有证据表明被黑客利用。

CVE-2021-27091 - RPC端点映射器服务权限提升的漏洞

CVE-2021-28312 - Windows NTFS 拒绝服务漏洞

CVE-2021-28437 - Windows 安装程序信息泄露漏洞 - PolarBear

CVE-2021-28458 - Azure ms-rest-nodeauth 库的权限提升漏洞

卡巴斯基研究人员 Boris Larin 发现的以下漏洞已经被黑客组织 BITTER APT 利用。

CVE-2021-28310 - Win32k 提升权限漏洞

卡巴斯基在博文中解释道:“不幸的是,我们无法捕捉到一个完整的链条,所以我们不知道该漏洞是否与另一个浏览器零日配合使用,或者与已知的、打过补丁的漏洞结合在一起使用”。

微软 Exchange 的管理员们并没有得到任何休息,因为今天又有 4 个 NSA 发现的关键远程代码执行漏洞在微软 Exchange 中得到了修复。其中两个漏洞是预认证,这意味着它们不需要攻击者先登录服务器。

CVE-2021-28480--微软Exchange服务器远程代码执行漏洞

CVE-2021-28481 - 微软Exchange服务器远程代码执行漏洞

CVE-2021-28482 - 微软Exchange服务器远程代码执行漏洞

CVE-2021-28483 - 微软Exchange服务器远程代码执行漏洞

完整报告如下

Tag CVE ID CVE Title Severity
Azure AD Web Sign-in CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability Important
Azure DevOps CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability Important
Azure DevOps CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Important
Azure Sphere CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability Critical
Microsoft Edge (Chromium-based) CVE-2021-21199 Chromium: CVE-2021-21199 Use Use after free in Aura Unknown
Microsoft Edge (Chromium-based) CVE-2021-21194 Chromium: CVE-2021-21194 Use after free in screen capture Unknown
Microsoft Edge (Chromium-based) CVE-2021-21197 Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip Unknown
Microsoft Edge (Chromium-based) CVE-2021-21198 Chromium: CVE-2021-21198 Out of bounds read in IPC Unknown
Microsoft Edge (Chromium-based) CVE-2021-21195 Chromium: CVE-2021-21195 Use after free in V8 Unknown
Microsoft Edge (Chromium-based) CVE-2021-21196 Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip Unknown
Microsoft Exchange Server CVE-2021-28480 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28482 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28483 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Exchange Server CVE-2021-28481 Microsoft Exchange Server Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2021-28350 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-28318 Windows GDI+ Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2021-28348 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2021-28349 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Internet Messaging API CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability Important
Microsoft NTFS CVE-2021-28312 Windows NTFS Denial of Service Vulnerability Moderate
Microsoft NTFS CVE-2021-27096 NTFS Elevation of Privilege Vulnerability Important
Microsoft Office Excel CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office Excel CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office Excel CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office Outlook CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability Important
Microsoft Office SharePoint CVE-2021-28450 Microsoft SharePoint Denial of Service Update Important
Microsoft Office Word CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28464 VP9 Video Extensions Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28466 Raw Image Extension Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-27079 Windows Media Photo Codec Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2021-28317 Microsoft Windows Codecs Library Information Disclosure Vulnerability Important
Microsoft Windows DNS CVE-2021-28323 Windows DNS Information Disclosure Vulnerability Important
Microsoft Windows DNS CVE-2021-28328 Windows DNS Information Disclosure Vulnerability Important
Microsoft Windows Speech CVE-2021-28351 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows Speech CVE-2021-28436 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows Speech CVE-2021-28347 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Open Source Software CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability Important
Role: Hyper-V CVE-2021-28441 Windows Hyper-V Information Disclosure Vulnerability Important
Role: Hyper-V CVE-2021-28314 Windows Hyper-V Elevation of Privilege Vulnerability Important
Role: Hyper-V CVE-2021-28444 Windows Hyper-V Security Feature Bypass Vulnerability Important
Role: Hyper-V CVE-2021-26416 Windows Hyper-V Denial of Service Vulnerability Important
Visual Studio CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability Important
Visual Studio Code CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28471 Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28473 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28477 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code CVE-2021-28469 Visual Studio Code Remote Code Execution Vulnerability Important
Visual Studio Code - GitHub Pull Requests and Issues Extension CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability Important
Visual Studio Code - Kubernetes Tools CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability Important
Visual Studio Code - Maven for Java Extension CVE-2021-28472 Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability Important
Windows Application Compatibility Cache CVE-2021-28311 Windows Application Compatibility Cache Denial of Service Vulnerability Important
Windows AppX Deployment Extensions CVE-2021-28326 Windows AppX Deployment Server Denial of Service Vulnerability Important
Windows Console Driver CVE-2021-28438 Windows Console Driver Denial of Service Vulnerability Important
Windows Console Driver CVE-2021-28443 Windows Console Driver Denial of Service Vulnerability Important
Windows Diagnostic Hub CVE-2021-28313 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2021-28321 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important
Windows Early Launch Antimalware Driver CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important
Windows ELAM CVE-2021-27094 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability Important
Windows Event Tracing CVE-2021-27088 Windows Event Tracing Elevation of Privilege Vulnerability Important
Windows Event Tracing CVE-2021-28435 Windows Event Tracing Information Disclosure Vulnerability Important
Windows Installer CVE-2021-26413 Windows Installer Spoofing Vulnerability Important
Windows Installer CVE-2021-28440 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2021-28437 Windows Installer Information Disclosure Vulnerability Important
Windows Installer CVE-2021-26415 Windows Installer Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2021-28309 Windows Kernel Information Disclosure Vulnerability Important
Windows Media Player CVE-2021-28315 Windows Media Video Decoder Remote Code Execution Vulnerability Critical
Windows Media Player CVE-2021-27095 Windows Media Video Decoder Remote Code Execution Vulnerability Critical
Windows Network File System CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability Important
Windows Overlay Filter CVE-2021-26417 Windows Overlay Filter Information Disclosure Vulnerability Important
Windows Portmapping CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability Important
Windows Registry CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28434 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28354 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Remote Procedure Call Runtime CVE-2021-28355 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28353 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28352 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28357 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28358 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28356 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28346 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important
Windows Remote Procedure Call Runtime CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability Critical
Windows Resource Manager CVE-2021-28320 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability Important
Windows Secure Kernel Mode CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability Important
Windows Services and Controller App CVE-2021-27086 Windows Services and Controller App Elevation of Privilege Vulnerability Important
Windows SMB Server CVE-2021-28325 Windows SMB Information Disclosure Vulnerability Important
Windows SMB Server CVE-2021-28324 Windows SMB Information Disclosure Vulnerability Important
Windows TCP/IP CVE-2021-28439 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows TCP/IP CVE-2021-28442 Windows TCP/IP Information Disclosure Vulnerability Important
Windows TCP/IP CVE-2021-28319 Windows TCP/IP Driver Denial of Service Vulnerability Important
Windows Win32K CVE-2021-27072 Win32k Elevation of Privilege Vulnerability Important
Windows Win32K CVE-2021-28310 Win32k Elevation of Privilege Vulnerability Important
Windows WLAN Auto Config Service CVE-2021-28316 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability Important
weinxin
N软网微信公众号扫一扫
观点新鲜独到,有料有趣,有互动、有情怀、有福利!关注科技,关注N软,让我们生活更加美好!
  • A+

发表评论