【漏洞通告】关于2021年3月微软多个产品高危漏洞通告
2021.3.15
摘要
近日,微软官方发布了多个安全漏洞的公告,包括InternetExplorer安全漏洞(CNNVD-202103-644、CVE-2021-27085)、MicrosoftSharePoint Server 安全漏洞(CNNVD-202103-642、CVE-2021-27076)等多个漏洞。成功利用上述漏洞的攻击者可以在目标系统上执行任意代码、获取用户数据,提升权限等。微软多个产品和系统受漏洞影响。目前,微软官方已经发布漏洞修复补丁,建议用户及时确认是否受到漏洞影响,尽快采取修补措施。
一、漏洞介绍
2021年3月10日,微软发布了2021年3月份安全更新,共82个漏洞的补丁程序,CNNVD对这些漏洞进行了收录。本次更新主要涵盖了Windows操作系统、Azure、IE和Edge、Exchange Server、Office、SharePoint Server,Visual Studio等多个Windows平台下应用软件和组件。CNNVD对其危害等级进行了评价,其中包括7个超危漏洞,64个高危漏洞。微软多个产品和系统版本受漏洞影响,具体影响范围可访问https://portal.msrc.microsoft.com/zh-cn/security-guidance查询。
二、重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Internet Explorer 内存泄露漏洞(CVE-2021-26411):
Internet Explorer在处理DOM对象时,存在一处double free漏洞,攻击者通过诱导用户点击恶意链接或文件进行触发,可导致远程代码执行,从而取得目标系统的控制权限。该漏洞曾被黑客组织用于针对专业安全研究者的APT攻击,目前漏洞细节已公开。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26411
Windows Hyper-V 远程代码执行漏洞(CVE-2021-26867):
使用了Plan-9平台配置的 Hyper-V虚拟客户端存在一个严重漏洞,经过身份验证的攻击者可在Hyper-V服务器上执行任意代码。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26867
Windows DNS Server 远程代码执行漏洞(CVE-2021-26897):
Windows DNS Server存在一个严重的远程代码执行漏洞,攻击者通过向目标主机发送特制的请求,可在目标主机上以system权限执行任意代码。启用安全区域更新可部分缓解此漏洞,但攻击者依然可以通过加入域的计算机攻击启用了安全区域更新的DNS服务器。目前该漏洞细节已公开。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26897
Microsoft SharePoint Server 远程代码执行漏洞(CVE-2021-27076):
Microsoft SharePoint Server存在远程代码执行漏洞。攻击者需要可以使用SharePoint服务器创建或修改网站,经过身份认证的攻击者可构造恶意数据执行反序列化攻击执行任意命令,从而获取服务器最高权限。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27076
Windows Win32k 权限提升漏洞(CVE-2021-27077):
Windows内核模式驱动对内存对象处理不当导致的权限提升漏洞,经过身份验证的本地攻击者可利用此漏洞在目标系统上提升其权限以执行任意代码。目前已有漏洞细节披露。
官方通告链接:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27077
以下为重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
漏洞编号 | 受影响产品版本 |
CVE-2021-26411 | Microsoft Edge (EdgeHTML-based): Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems |
Internet Explorer 11: Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems | |
Internet Explorer 9: Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 | |
CVE-2021-26867 | Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1909 for x64-based Systems |
CVE-2021-26897 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server, version 2004 (Server Core installation) Windows Server, version 1909 (Server Core installation) Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server, version 20H2 (Server Core Installation) |
CVE-2021-27076 | Microsoft SharePoint Foundation 2013 Service Pack 1 Microsoft Business Productivity Servers 2010 Service Pack 2 Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
CVE-2021-27077 | Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows RT 8.1 Windows 8.1 for x64-based systems Windows 8.1 for 32-bit systems Windows 7 for x64-based Systems Service Pack 1 Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 20H2 (Server Core Installation) Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for x64-based Systems Windows Server, version 2004 (Server Core installation) Windows 10 Version 2004 for x64-based Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 |
三、漏洞详情
此次更新共包括82个漏洞的补丁程序,其中7个超危漏洞,64个高危漏洞。
序号 | 漏洞名称 | CNNVD编号 | CVE编号 | 危害等级 | 官方链接 |
1 | Windows DNS 服务器安全漏洞 | CNNVD-202103-615 | CVE-2021-26897 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26897 |
2 | Microsoft Windows DNS 服务器安全漏洞 | CNNVD-202103-613 | CVE-2021-26895 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26895 |
3 | Microsoft Windows DNS 服务器安全漏洞 | CNNVD-202103-618 | CVE-2021-26894 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26894 |
4 | Microsoft Windows DNS 服务器安全漏洞 | CNNVD-202103-612 | CVE-2021-26893 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26893 |
5 | Microsoft Windows安全漏洞 | CNNVD-202103-607 | CVE-2021-26877 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26877 |
6 | Windows Hyper-V安全漏洞 | CNNVD-202103-597 | CVE-2021-26867 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26867 |
7 | Microsoft Azure Sphere 安全漏洞 | CNNVD-202103-580 | CVE-2021-27080 | 超危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27080 |
8 | Microsoft Internet Explorer 安全漏洞 | CNNVD-202103-644 | CVE-2021-27085 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27085 |
9 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202103-643 | CVE-2021-27084 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27084 |
10 | Microsoft SharePoint Server 安全漏洞 | CNNVD-202103-642 | CVE-2021-27076 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27076 |
11 | Microsoft Git for Visual Studio 安全漏洞 | CNNVD-202103-640 | CVE-2021-21300 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-21300 |
12 | Microsoft Windows DNS 服务器安全漏洞 | CNNVD-202103-637 | CVE-2021-27063 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27063 |
13 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-638 | CVE-2021-27062 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27062 |
14 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-636 | CVE-2021-27061 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27061 |
15 | Microsoft Office 安全漏洞 | CNNVD-202103-635 | CVE-2021-27059 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27059 |
16 | Microsoft Office ClickToRun 安全漏洞 | CNNVD-202103-634 | CVE-2021-27058 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27058 |
17 | Microsoft Office 安全漏洞 | CNNVD-202103-633 | CVE-2021-27057 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27057 |
18 | Microsoft PowerPoint 安全漏洞 | CNNVD-202103-631 | CVE-2021-27056 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27056 |
19 | Microsoft Visio 安全漏洞 | CNNVD-202103-632 | CVE-2021-27055 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27055 |
20 | Microsoft Excel 安全漏洞 | CNNVD-202103-630 | CVE-2021-27054 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27054 |
21 | Microsoft Excel 安全漏洞 | CNNVD-202103-629 | CVE-2021-27053 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27053 |
22 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-627 | CVE-2021-27051 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27051 |
23 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-626 | CVE-2021-27050 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27050 |
24 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-624 | CVE-2021-27049 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27049 |
25 | Microsoft HEVC Video 安全漏洞 | CNNVD-202103-641 | CVE-2021-27048 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27048 |
26 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-623 | CVE-2021-27047 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27047 |
27 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-625 | CVE-2021-26902 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26902 |
28 | Windows事件跟踪安全漏洞 | CNNVD-202103-622 | CVE-2021-26901 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26901 |
29 | Microsoft Windows Wink 安全漏洞 | CNNVD-202103-621 | CVE-2021-26900 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26900 |
30 | Microsoft Windows UPnP 设备主机安全漏洞 | CNNVD-202103-619 | CVE-2021-26899 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26899 |
31 | Microsoft Windows安全漏洞 | CNNVD-202103-617 | CVE-2021-26898 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26898 |
32 | Microsoft Windows DNS 服务器安全漏洞 | CNNVD-202103-616 | CVE-2021-26896 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26896 |
33 | Microsoft Windows容器执行代理安全漏洞 | CNNVD-202103-650 | CVE-2021-26891 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26891 |
34 | Microsoft Application Virtualization 安全漏洞 | CNNVD-202103-651 | CVE-2021-26890 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26890 |
35 | Microsoft Windows Update Stack 安全漏洞 | CNNVD-202103-649 | CVE-2021-26889 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26889 |
36 | Microsoft Windows安全漏洞 | CNNVD-202103-648 | CVE-2021-26887 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26887 |
37 | Microsoft Windows WalletService 安全漏洞 | CNNVD-202103-646 | CVE-2021-26885 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26885 |
38 | Microsoft Windows安全漏洞 | CNNVD-202103-614 | CVE-2021-26882 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26882 |
39 | Microsoft Windows Media Foundation安全漏洞 | CNNVD-202103-610 | CVE-2021-26881 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26881 |
40 | Microsoft Windows安全漏洞 | CNNVD-202103-620 | CVE-2021-26880 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26880 |
41 | Microsoft Windows NAT 安全漏洞 | CNNVD-202103-609 | CVE-2021-26879 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26879 |
42 | Microsoft Windows打印后台处理程序安全漏洞 | CNNVD-202103-608 | CVE-2021-26878 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26878 |
43 | Microsoft OpenType字体分析安全漏洞 | CNNVD-202103-606 | CVE-2021-26876 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26876 |
44 | Microsoft Windows Win32k 安全漏洞 | CNNVD-202103-605 | CVE-2021-26875 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26875 |
45 | Microsoft Windows覆盖筛选器安全漏洞 | CNNVD-202103-604 | CVE-2021-26874 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26874 |
46 | Microsoft Windows User Profile Service安全漏洞 | CNNVD-202103-602 | CVE-2021-26873 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26873 |
47 | Windows安全漏洞 | CNNVD-202103-603 | CVE-2021-26872 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26872 |
48 | Windows安全漏洞 | CNNVD-202103-600 | CVE-2021-26871 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26871 |
49 | Microsoft Windows投影文件系统安全漏洞 | CNNVD-202103-601 | CVE-2021-26870 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26870 |
50 | Microsoft Windows图形组件安全漏洞 | CNNVD-202103-598 | CVE-2021-26868 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26868 |
51 | Microsoft Windows Update 服务安全漏洞 | CNNVD-202103-596 | CVE-2021-26866 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26866 |
52 | Microsoft Windows容器执行代理安全漏洞 | CNNVD-202103-595 | CVE-2021-26865 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26865 |
53 | Microsoft Windows虚拟注册表提供程序安全漏洞 | CNNVD-202103-594 | CVE-2021-26864 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26864 |
54 | Microsoft Windows Win32k 安全漏洞 | CNNVD-202103-593 | CVE-2021-26863 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26863 |
55 | Microsoft Windows图形组件安全漏洞 | CNNVD-202103-591 | CVE-2021-26861 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26861 |
56 | Microsoft Windows App-V 覆盖筛选器安全漏洞 | CNNVD-202103-589 | CVE-2021-26860 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26860 |
57 | Microsoft Power BI信息泄漏漏洞 | CNNVD-202103-590 | CVE-2021-26859 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26859 |
58 | Microsoft HEVC Video 扩展程序安全漏洞 | CNNVD-202103-587 | CVE-2021-24110 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24110 |
59 | Microsoft Windows错误报告安全漏洞 | CNNVD-202103-584 | CVE-2021-24090 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24090 |
60 | Microsoft HEVC Video 安全漏洞 | CNNVD-202103-585 | CVE-2021-24089 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24089 |
61 | Visual Studio Code安全漏洞 | CNNVD-202103-582 | CVE-2021-27083 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27083 |
62 | Microsoft Visual Studio Code 安全漏洞 | CNNVD-202103-583 | CVE-2021-27082 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27082 |
63 | Microsoft Visual Studio Code ESLint 安全漏洞 | CNNVD-202103-581 | CVE-2021-27081 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27081 |
64 | Microsoft Windows Win32k 安全漏洞 | CNNVD-202103-579 | CVE-2021-27077 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27077 |
65 | Windows 10 安全漏洞 | CNNVD-202103-575 | CVE-2021-27070 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27070 |
66 | Visual Studio Code安全漏洞 | CNNVD-202103-576 | CVE-2021-27060 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27060 |
67 | Microsoft Internet Explorer 安全漏洞 | CNNVD-202103-574 | CVE-2021-26411 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26411 |
68 | Microsoft Office 安全漏洞 | CNNVD-202103-573 | CVE-2021-24108 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24108 |
69 | Microsoft DirectX 安全漏洞 | CNNVD-202103-572 | CVE-2021-24095 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24095 |
70 | Microsoft Windows Update Stack 安装程序安全漏洞 | CNNVD-202103-571 | CVE-2021-1729 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1729 |
71 | Microsoft Windows打印后台处理程序安全漏洞 | CNNVD-202103-570 | CVE-2021-1640 | 高危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1640 |
72 | Microsoft Windows管理中心安全功能安全漏洞 | CNNVD-202103-639 | CVE-2021-27066 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27066 |
73 | Microsoft SharePoint Server 信息泄露漏洞 | CNNVD-202103-628 | CVE-2021-27052 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27052 |
74 | Microsoft Windows可扩展固件接口安全漏洞 | CNNVD-202103-611 | CVE-2021-26892 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26892 |
75 | Microsoft User Profile Service安全漏洞 | CNNVD-202103-647 | CVE-2021-26886 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26886 |
76 | Microsoft Windows Media 照片编解码器信息泄漏漏洞 | CNNVD-202103-645 | CVE-2021-26884 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26884 |
77 | Microsoft Windows ActiveX 安装程序服务信息泄露漏洞 | CNNVD-202103-599 | CVE-2021-26869 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26869 |
78 | Microsoft Windows Installer 安全漏洞 | CNNVD-202103-592 | CVE-2021-26862 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26862 |
79 | Windows信息泄露漏洞 | CNNVD-202103-588 | CVE-2021-24107 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24107 |
80 | Microsoft SharePoint 安全漏洞 | CNNVD-202103-586 | CVE-2021-24104 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24104 |
81 | Microsoft Windows虚拟机信息泄露漏洞 | CNNVD-202103-578 | CVE-2021-27075 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27075 |
82 | Microsoft Azure Sphere 安全漏洞 | CNNVD-202103-577 | CVE-2021-27074 | 中危 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27074 |
四、修复建议
目前,微软官方已经发布补丁修复了上述漏洞,建议用户及时确认漏洞影响,尽快采取修补措施。
微软官方补丁下载地址:https://msrc.microsoft.com/update-guide/en-us