【漏洞通告】关于2021年3月微软多个产品高危漏洞通告

2021.3.15

摘要

近日,微软官方发布了多个安全漏洞的公告,包括InternetExplorer安全漏洞(CNNVD-202103-644、CVE-2021-27085)、MicrosoftSharePoint Server 安全漏洞(CNNVD-202103-642、CVE-2021-27076)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。

一、漏洞介绍

2021年3月10日,微软发布了2021年3月份安全更新,共82个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Windows操作系统、Azure、IE和Edge、Exchange Server、Office、SharePoint Server,Visual Studio等多个Windows平台下应用软件和组件。CNNVD对其危害等级进行了评价,其中包括7个超危漏洞,64个高危漏洞。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。

二、重点漏洞简述

根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:

Internet Explorer 内存泄露漏洞(CVE-2021-26411):

Internet   Explorer在处理DOM对象时,存在一处double free漏洞,攻击者通过诱导用户点击恶意链接或文件进行触发,可导致远程代码执行,从而取得目标系统的控制权限。该漏洞曾被黑客组织用于针对专业安全研究者的APT攻击,目前漏洞细节已公开。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411

Windows Hyper-V 远程代码执行漏洞(CVE-2021-26867):

使用了Plan-9平台配置的 Hyper-V虚拟客户端存在一个严重漏洞,经过身份验证的攻击者可在Hyper-V服务器上执行任意代码。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867

Windows DNS Server 远程代码执行漏洞(CVE-2021-26897):

Windows  DNS Server存在一个严重的远程代码执行漏洞,攻击者通过向目标主机发送特制的请求,可在目标主机上以system权限执行任意代码。启用安全区域更新可部分缓解此漏洞,但攻击者依然可以通过加入域的计算机攻击启用了安全区域更新的DNS服务器。目前该漏洞细节已公开。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897

Microsoft SharePoint Server 远程代码执行漏洞(CVE-2021-27076):

Microsoft  SharePoint Server存在远程代码执行漏洞。攻击者需要可以使用SharePoint服务器创建或修改网站,经过身份认证的攻击者可构造恶意数据执行反序列化攻击执行任意命令,从而获取服务器最高权限。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27076

Windows Win32k 权限提升漏洞(CVE-2021-27077):

Windows内核模式驱动对内存对象处理不当导致的权限提升漏洞,经过身份验证的本地攻击者可利用此漏洞在目标系统上提升其权限以执行任意代码。目前已有漏洞细节披露。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27077

以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。

漏洞编号

受影响产品版本

CVE-2021-26411

Microsoft Edge (EdgeHTML-based):

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Internet Explorer 11:

Windows Server 2016

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Internet Explorer 9:

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

CVE-2021-26867

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for x64-based Systems

CVE-2021-26897

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1     (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server     Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core     installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016  (Server   Core installation)

Windows Server 2016

Windows Server, version 2004 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server 2019  (Server   Core installation)

Windows Server 2019

Windows Server, version 20H2 (Server Core Installation)

CVE-2021-27076

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft Business Productivity Servers 2010 Service Pack 2

Microsoft SharePoint Server 2019

Microsoft SharePoint Enterprise Server 2016

CVE-2021-27077

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1     (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server     Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core     installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows RT 8.1

Windows 8.1 for x64-based systems

Windows 8.1 for 32-bit systems

Windows 7 for x64-based Systems Service Pack 1

Windows 7 for 32-bit Systems Service Pack 1

Windows Server 2016  (Server   Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server, version 20H2 (Server Core Installation)

Windows 10 Version 20H2 for ARM64-based Systems

Windows 10 Version 20H2 for 32-bit Systems

Windows 10 Version 20H2 for x64-based Systems

Windows Server, version 2004 (Server Core installation)

Windows 10 Version 2004 for x64-based Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows Server, version 1909 (Server Core installation)

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows Server 2019  (Server   Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

三、漏洞详情

此次更新共包括82个漏洞的补丁程序,其中7个超危漏洞,64个高危漏洞。

序号

漏洞名称

CNNVD编号

CVE编号

危害等级

官方链接

1

Windows DNS 服务器安全漏洞

CNNVD-202103-615

CVE-2021-26897

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897

2

Microsoft Windows   DNS 服务器安全漏洞

CNNVD-202103-613

CVE-2021-26895

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26895

3

Microsoft Windows   DNS 服务器安全漏洞

CNNVD-202103-618

CVE-2021-26894

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26894

4

Microsoft Windows   DNS 服务器安全漏洞

CNNVD-202103-612

CVE-2021-26893

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26893

5

Microsoft Windows安全漏洞

CNNVD-202103-607

CVE-2021-26877

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26877

6

Windows Hyper-V安全漏洞

CNNVD-202103-597

CVE-2021-26867

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26867

7

Microsoft Azure   Sphere 安全漏洞

CNNVD-202103-580

CVE-2021-27080

超危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27080

8

Microsoft Internet Explorer 安全漏洞

CNNVD-202103-644

CVE-2021-27085

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085

9

Microsoft Visual   Studio Code  安全漏洞

CNNVD-202103-643

CVE-2021-27084

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27084

10

Microsoft SharePoint   Server 安全漏洞

CNNVD-202103-642

CVE-2021-27076

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27076

11

Microsoft Git for   Visual  Studio 安全漏洞

CNNVD-202103-640

CVE-2021-21300

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21300

12

Microsoft Windows   DNS 服务器安全漏洞

CNNVD-202103-637

CVE-2021-27063

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27063

13

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-638

CVE-2021-27062

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27062

14

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-636

CVE-2021-27061

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27061

15

Microsoft   Office 安全漏洞

CNNVD-202103-635

CVE-2021-27059

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27059

16

Microsoft Office   ClickToRun 安全漏洞

CNNVD-202103-634

CVE-2021-27058

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27058

17

Microsoft   Office 安全漏洞

CNNVD-202103-633

CVE-2021-27057

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27057

18

Microsoft   PowerPoint 安全漏洞

CNNVD-202103-631

CVE-2021-27056

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27056

19

Microsoft Visio 安全漏洞

CNNVD-202103-632

CVE-2021-27055

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27055

20

Microsoft Excel 安全漏洞

CNNVD-202103-630

CVE-2021-27054

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27054

21

Microsoft Excel 安全漏洞

CNNVD-202103-629

CVE-2021-27053

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27053

22

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-627

CVE-2021-27051

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27051

23

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-626

CVE-2021-27050

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27050

24

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-624

CVE-2021-27049

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27049

25

Microsoft HEVC   Video 安全漏洞

CNNVD-202103-641

CVE-2021-27048

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27048

26

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-623

CVE-2021-27047

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27047

27

Microsoft HEVC Video 扩展程序安全漏洞

CNNVD-202103-625

CVE-2021-26902

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26902

28

Windows事件跟踪安全漏洞

CNNVD-202103-622

CVE-2021-26901

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26901

29

Microsoft Windows   Wink 安全漏洞

CNNVD-202103-621

CVE-2021-26900

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26900

30

Microsoft Windows   UPnP 设备主机安全漏洞

CNNVD-202103-619

CVE-2021-26899

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26899

31

 Microsoft   Windows安全漏洞

CNNVD-202103-617

CVE-2021-26898

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26898

32

Microsoft Windows   DNS 服务器安全漏洞

CNNVD-202103-616

CVE-2021-26896

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26896

33

Microsoft Windows容器执行代理安全漏洞

CNNVD-202103-650

CVE-2021-26891

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26891

34

Microsoft Application    Virtualization 安全漏洞

CNNVD-202103-651

CVE-2021-26890

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26890

35

Microsoft Windows   Update  Stack 安全漏洞

CNNVD-202103-649

CVE-2021-26889

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26889

36

Microsoft Windows安全漏洞

CNNVD-202103-648

CVE-2021-26887

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26887

37

Microsoft Windows    WalletService 安全漏洞

CNNVD-202103-646

CVE-2021-26885

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26885

38

Microsoft Windows安全漏洞

CNNVD-202103-614

CVE-2021-26882

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26882

39

Microsoft Windows Media    Foundation安全漏洞

CNNVD-202103-610

CVE-2021-26881

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26881

40

Microsoft Windows安全漏洞

CNNVD-202103-620

CVE-2021-26880

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26880

41

Microsoft Windows   NAT 安全漏洞

CNNVD-202103-609

CVE-2021-26879

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26879

42

Microsoft Windows打印后台处理程序安全漏洞

CNNVD-202103-608

CVE-2021-26878

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26878

43

Microsoft OpenType字体分析安全漏洞

CNNVD-202103-606

CVE-2021-26876

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26876

44

Microsoft Windows   Win32k 安全漏洞

CNNVD-202103-605

CVE-2021-26875

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26875

45

Microsoft Windows覆盖筛选器安全漏洞

CNNVD-202103-604

CVE-2021-26874

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26874

46

Microsoft Windows   User  Profile Service安全漏洞

CNNVD-202103-602

CVE-2021-26873

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26873

47

Windows安全漏洞

CNNVD-202103-603

CVE-2021-26872

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26872

48

Windows安全漏洞

CNNVD-202103-600

CVE-2021-26871

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26871

49

Microsoft Windows投影文件系统安全漏洞

CNNVD-202103-601

CVE-2021-26870

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26870

50

Microsoft Windows图形组件安全漏洞

CNNVD-202103-598

CVE-2021-26868

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26868

51

Microsoft Windows   Update 服务安全漏洞

CNNVD-202103-596

CVE-2021-26866

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26866

52

Microsoft Windows容器执行代理安全漏洞

CNNVD-202103-595

CVE-2021-26865

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26865

53

Microsoft Windows虚拟注册表提供程序安全漏洞

CNNVD-202103-594

CVE-2021-26864

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26864

54

Microsoft Windows   Win32k 安全漏洞

CNNVD-202103-593

CVE-2021-26863

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26863

55

Microsoft Windows图形组件安全漏洞

CNNVD-202103-591

CVE-2021-26861

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26861

56

Microsoft Windows   App-V 覆盖筛选器安全漏洞

CNNVD-202103-589

CVE-2021-26860

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26860

57

Microsoft Power BI信息泄漏漏洞

CNNVD-202103-590

CVE-2021-26859

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26859

58

Microsoft HEVC   Video 扩展程序安全漏洞

CNNVD-202103-587

CVE-2021-24110

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24110

59

Microsoft Windows错误报告安全漏洞

CNNVD-202103-584

CVE-2021-24090

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24090

60

Microsoft HEVC   Video 安全漏洞

CNNVD-202103-585

CVE-2021-24089

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24089

61

Visual Studio Code安全漏洞

CNNVD-202103-582

CVE-2021-27083

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27083

62

Microsoft Visual   Studio Code  安全漏洞

CNNVD-202103-583

CVE-2021-27082

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27082

63

Microsoft Visual   Studio Code  ESLint 安全漏洞

CNNVD-202103-581

CVE-2021-27081

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27081

64

Microsoft Windows   Win32k 安全漏洞

CNNVD-202103-579

CVE-2021-27077

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077

65

Windows 10 安全漏洞

CNNVD-202103-575

CVE-2021-27070

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27070

66

Visual Studio Code安全漏洞

CNNVD-202103-576

CVE-2021-27060

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27060

67

Microsoft Internet   Explorer 安全漏洞

CNNVD-202103-574

CVE-2021-26411

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411

68

Microsoft   Office 安全漏洞

CNNVD-202103-573

CVE-2021-24108

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24108

69

Microsoft   DirectX 安全漏洞

CNNVD-202103-572

CVE-2021-24095

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24095

70

Microsoft Windows   Update  Stack 安装程序安全漏洞

CNNVD-202103-571

CVE-2021-1729

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1729

71

Microsoft Windows打印后台处理程序安全漏洞

CNNVD-202103-570

CVE-2021-1640

高危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1640

72

Microsoft Windows管理中心安全功能安全漏洞

CNNVD-202103-639

CVE-2021-27066

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066

73

Microsoft SharePoint   Server 信息泄露漏洞

CNNVD-202103-628

CVE-2021-27052

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27052

74

Microsoft Windows可扩展固件接口安全漏洞

CNNVD-202103-611

CVE-2021-26892

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26892

75

Microsoft User   Profile  Service安全漏洞

CNNVD-202103-647

CVE-2021-26886

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26886

76

Microsoft Windows   Media 照片编解码器信息泄漏漏洞

CNNVD-202103-645

CVE-2021-26884

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26884

77

Microsoft Windows   ActiveX 安装程序服务信息泄露漏洞

CNNVD-202103-599

CVE-2021-26869

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26869

78

Microsoft Windows   Installer 安全漏洞

CNNVD-202103-592

CVE-2021-26862

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26862

79

Windows信息泄露漏洞

CNNVD-202103-588

CVE-2021-24107

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24107

80

Microsoft   SharePoint 安全漏洞

CNNVD-202103-586

CVE-2021-24104

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24104

81

Microsoft Windows虚拟机信息泄露漏洞

CNNVD-202103-578

CVE-2021-27075

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27075

82

Microsoft Azure   Sphere 安全漏洞

CNNVD-202103-577

CVE-2021-27074

中危

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27074

四、修复建议

目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。
微软官方补丁下载地址:https://msrc.microsoft.com/update-guide/en-us