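[Vulnerability Advisory] July 2021 Advisory on High-Risk Vulnerabilities in Multiple Microsoft Products
2021.9.22
Summary
Microsoft recently published advisories for multiple security vulnerabilities, including the Microsoft Windows DNS code injection vulnerability (CNNVD-202107-776, CVE-2021-34458) and the Microsoft Windows Kernel code injection vulnerability (CNNVD-202107-776, CVE-2021-34458), among others. An attacker who successfully exploits these vulnerabilities can execute arbitrary code on the target system, obtain user data, elevate privileges, and so on. Multiple Microsoft products and systems are affected. Microsoft has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
I. Vulnerability Introduction
On July 14, 2021, Microsoft released its July 2021 security updates, fixing 117 security vulnerabilities in widely used products such as Windows, Microsoft Office, Microsoft Edge, Visual Studio and SharePoint Server, including high-risk vulnerability types such as remote code execution and privilege escalation. CNNVD assessed their severity: 1 critical, 74 high, 40 medium and 1 low. Multiple Microsoft product and system versions are affected; for the specific scope, see https://portal.msrc.microsoft.com/zh-cn/security-guidance
II. Overview of Key Vulnerabilities
Windows Print Spooler remote code execution vulnerability (CVE-2021-34527):
Print Spooler is the Windows service that manages printing. A domain user can exploit this vulnerability remotely to execute arbitrary code on a domain controller with SYSTEM privileges, thereby gaining control of the entire domain. An exploit for this vulnerability is public and it is being exploited in the wild; NSFOCUS CERT has tracked this vulnerability throughout.
For details and protective measures, see: [Handling Manual] Windows Print Service Vulnerability: Latest Patch Available
Official advisory link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527
Windows Script Engine memory corruption vulnerability (CVE-2021-34448):
A memory corruption vulnerability exists in the scripting engine. An unauthenticated remote attacker can exploit it by inducing a user to open a specially crafted file or visit a malicious website, thereby taking control of the user's computer. In-the-wild exploitation of this vulnerability has been observed.
Official advisory link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34448
Windows Kernel remote code execution vulnerability (CVE-2021-34458):
A remote code execution vulnerability exists in the Windows kernel. It affects SR-IOV virtual machine systems and has a CVSS score of 9.9.
Official advisory link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34458
Exchange Server remote code execution vulnerability (CVE-2021-34473):
A remote code execution vulnerability exists in Microsoft Exchange Server. An unauthenticated remote attacker who sends a carefully crafted request to the server can execute arbitrary code on the target server.
Official advisory link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473
Exchange Server remote code execution vulnerability (CVE-2021-31206):
This is one of the Exchange Server vulnerabilities found at the 2021 Pwn2Own contest. An attacker who successfully exploits it can obtain a degree of control over the server.
Official advisory link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31206
Windows DNS Server remote code execution vulnerability (CVE-2021-34494):
A remote code execution vulnerability exists in Windows DNS Server. An authenticated attacker who sends a specially crafted request to a host configured as a DNS server can execute arbitrary code on the target host with SYSTEM privileges.
Official advisory link: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34494
Windows Kernel elevation of privilege vulnerabilities (CVE-2021-31979/CVE-2021-33771):
Windows has two kernel elevation of privilege vulnerabilities. An authenticated local attacker can run a specially crafted binary to elevate the privileges of the current account on the target host. In-the-wild exploitation has been observed.
Official advisory links:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31979
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771
The table below lists the affected product versions for the key vulnerabilities; for the products affected by the other vulnerabilities, see the official advisory links.
CVE ID | Affected product versions |
CVE-2021-34527 | All Windows versions supported by Microsoft |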
CVE-2021-34448 | Windows Server 2012 R2; Windows 10 Version 1607 for 32-bit Systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows Server 2019; Windows Server 2012; Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 7 for x64-based Systems Service Pack 1; Windows 7 for 32-bit Systems Service Pack 1; Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2021-34458 | Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019 |
CVE-2021-34473 | Microsoft Exchange Server 2019 Cumulative Update 9; Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 8; Microsoft Exchange Server 2016 Cumulative Update 19; Microsoft Exchange Server 2016 Cumulative Update 20 |
CVE-2021-31206 | Microsoft Exchange Server 2019 Cumulative Update 9; Microsoft Exchange Server 2019 Cumulative Update 10; Microsoft Exchange Server 2016 Cumulative Update 21; Microsoft Exchange Server 2016 Cumulative Update 20; Microsoft Exchange Server 2013 Cumulative Update 23 |
CVE-2021-34494 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation); Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation); Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
CVE-2021-31979 | All Windows versions supported by Microsoft |
CVE-2021-33771 | Windows Server, version 20H2 (Server Core Installation); Windows Server, version 2004 (Server Core installation); Windows Server 2019 (Server Core installation); Windows Server 2019; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows RT 8.1; Windows 8.1 for x64-based systems; Windows 8.1 for 32-bit systems; Windows 10 for x64-based Systems; Windows 10 for 32-bit Systems; Windows 10 Version 21H1 for x64-based Systems; Windows 10 Version 21H1 for ARM64-based Systems; Windows 10 Version 21H1 for 32-bit Systems; Windows 10 Version 20H2 for x64-based Systems; Windows 10 Version 20H2 for ARM64-based Systems; Windows 10 Version 20H2 for 32-bit Systems; Windows 10 Version 2004 for x64-based Systems; Windows 10 Version 2004 for ARM64-based Systems; Windows 10 Version 2004 for 32-bit Systems; Windows 10 Version 1909 for x64-based Systems; Windows 10 Version 1909 for ARM64-based Systems; Windows 10 Version 1909 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems |
III. Vulnerability Details
This update includes patches for 116 vulnerabilities in total: 1 critical, 74 high, 40 medium and 1 low.
No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
1 | Microsoft Windows Kernel code injection vulnerability | CNNVD-202107-776 | CVE-2021-34458 | Critical | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34458 |
2 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-716 | CVE-2021-34521 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34521 |
3 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-717 | CVE-2021-34525 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34525 |
4 | Microsoft Win32k permissions and access control issue vulnerability | CNNVD-202107-719 | CVE-2021-34516 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34516 |
5 | Microsoft Windows Kernel permissions and access control issue vulnerability | CNNVD-202107-723 | CVE-2021-34514 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34514 |
6 | Microsoft Windows Storage permissions and access control issue vulnerability | CNNVD-202107-731 | CVE-2021-34510 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34510 |
7 | Microsoft Windows Kernel code injection vulnerability | CNNVD-202107-733 | CVE-2021-34508 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34508 |
8 | Microsoft Windows Address Book code injection vulnerability | CNNVD-202107-735 | CVE-2021-34504 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34504 |
9 | Microsoft Windows Media Foundation code injection vulnerability | CNNVD-202107-736 | CVE-2021-34503 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34503 |
10 | Microsoft Exchange Server permissions and access control issue vulnerability | CNNVD-202107-740 | CVE-2021-34523 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523 |
11 | Microsoft Exchange Server code injection vulnerability | CNNVD-202107-741 | CVE-2021-34473 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 |
12 | Microsoft Exchange Server permissions and access control issue vulnerability | CNNVD-202107-742 | CVE-2021-34470 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34470 |
13 | Microsoft Exchange Server permissions and access control issue vulnerability | CNNVD-202107-743 | CVE-2021-33768 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33768 |
14 | Microsoft Exchange Server code injection vulnerability | CNNVD-202107-745 | CVE-2021-31206 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31206 |
15 | Microsoft Graphics Components permissions and access control issue vulnerability | CNNVD-202107-757 | CVE-2021-34498 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34498 |
16 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-760 | CVE-2021-34494 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34494 |
17 | Microsoft Windows security vulnerability | CNNVD-202107-762 | CVE-2021-34492 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34492 |
18 | Microsoft Windows tcp/ip input validation error vulnerability | CNNVD-202107-764 | CVE-2021-34490 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34490 |
19 | Microsoft Graphics Components code injection vulnerability | CNNVD-202107-765 | CVE-2021-34489 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34489 |
20 | Microsoft Windows Console Driver permissions and access control issue vulnerability | CNNVD-202107-766 | CVE-2021-34488 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34488 |
21 | Microsoft Common Internet File System input validation error vulnerability | CNNVD-202107-771 | CVE-2021-34476 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34476 |
22 | Microsoft Windows AppX Deployment Extensions permissions and access control issue vulnerability | CNNVD-202107-772 | CVE-2021-34462 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34462 |
23 | Microsoft Windows Kernel security feature issue vulnerability | CNNVD-202107-773 | CVE-2021-34461 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34461 |
24 | Microsoft Windows Storage permissions and access control issue vulnerability | CNNVD-202107-774 | CVE-2021-34460 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34460 |
25 | Microsoft Windows Remote Access Connection Manager permissions and access control issue vulnerability | CNNVD-202107-778 | CVE-2021-34456 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34456 |
26 | Microsoft Windows File History Service permissions and access control issue vulnerability | CNNVD-202107-779 | CVE-2021-34455 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34455 |
27 | Microsoft Hyper-V code injection vulnerability | CNNVD-202107-781 | CVE-2021-34450 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34450 |
28 | Microsoft Win32k permissions and access control issue vulnerability | CNNVD-202107-782 | CVE-2021-34449 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34449 |
29 | Microsoft Scripting Engine buffer error vulnerability | CNNVD-202107-783 | CVE-2021-34448 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448 |
30 | Microsoft Windows security feature issue vulnerability | CNNVD-202107-785 | CVE-2021-34446 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34446 |
31 | Microsoft Windows Remote Access Connection Manager permissions and access control issue vulnerability | CNNVD-202107-786 | CVE-2021-34445 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34445 |
32 | Microsoft Excel code injection vulnerability | CNNVD-202107-787 | CVE-2021-34518 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34518 |
33 | Microsoft Windows DNS input validation error vulnerability | CNNVD-202107-790 | CVE-2021-34442 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34442 |
34 | Microsoft Windows tcp/ip input validation error vulnerability | CNNVD-202107-792 | CVE-2021-33772 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33772 |
35 | Microsoft Windows Media Foundation code injection vulnerability | CNNVD-202107-793 | CVE-2021-34441 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34441 |
36 | Microsoft Windows Media Foundation code injection vulnerability | CNNVD-202107-795 | CVE-2021-34439 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34439 |
37 | Microsoft Graphics Components code injection vulnerability | CNNVD-202107-796 | CVE-2021-34438 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34438 |
38 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-798 | CVE-2021-33775 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33775 |
39 | Microsoft Windows Local Security Authority Subsystem Service input validation error vulnerability | CNNVD-202107-799 | CVE-2021-33788 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33788 |
40 | Microsoft Windows Local Security Authority Subsystem Service security feature issue vulnerability | CNNVD-202107-800 | CVE-2021-33786 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33786 |
41 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-801 | CVE-2021-33776 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33776 |
42 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-802 | CVE-2021-33777 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33777 |
43 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-803 | CVE-2021-33778 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33778 |
44 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-804 | CVE-2021-31947 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31947 |
45 | Microsoft Windows input validation error vulnerability | CNNVD-202107-805 | CVE-2021-33785 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33785 |
46 | Microsoft Windows Kernel buffer error vulnerability | CNNVD-202107-806 | CVE-2021-33771 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33771 |
47 | Microsoft Windows Kernel buffer error vulnerability | CNNVD-202107-808 | CVE-2021-31979 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31979 |
48 | Microsoft Windows Storage permissions and access control issue vulnerability | CNNVD-202107-809 | CVE-2021-34512 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34512 |
49 | Microsoft Windows Cloud Files Mini Filter Driver permissions and access control issue vulnerability | CNNVD-202107-810 | CVE-2021-33784 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33784 |
50 | Microsoft Windows Codecs code injection vulnerability | CNNVD-202107-811 | CVE-2021-33740 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33740 |
51 | Microsoft Office code injection vulnerability | CNNVD-202107-815 | CVE-2021-34501 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34501 |
52 | Microsoft Office security feature issue vulnerability | CNNVD-202107-817 | CVE-2021-34469 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34469 |
53 | Microsoft Office code injection vulnerability | CNNVD-202107-818 | CVE-2021-34452 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34452 |
54 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-819 | CVE-2021-33780 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33780 |
55 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-823 | CVE-2021-33754 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33754 |
56 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-824 | CVE-2021-33746 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33746 |
57 | Microsoft Power BI code injection vulnerability | CNNVD-202107-826 | CVE-2021-31984 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31984 |
58 | Microsoft Windows Active Directory security feature issue vulnerability | CNNVD-202107-827 | CVE-2021-33781 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33781 |
59 | Microsoft Active Directory Federation Services security feature issue vulnerability | CNNVD-202107-829 | CVE-2021-33779 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33779 |
60 | Microsoft Windows permissions and access control issue vulnerability | CNNVD-202107-835 | CVE-2021-33774 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33774 |
61 | Microsoft Windows Desktop Bridge permissions and access control issue vulnerability | CNNVD-202107-836 | CVE-2021-33759 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33759 |
62 | Microsoft Windows Remote Access Connection Manager permissions and access control issue vulnerability | CNNVD-202107-837 | CVE-2021-33761 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33761 |
63 | Microsoft OpenEnclave permissions and access control issue vulnerability | CNNVD-202107-839 | CVE-2021-33767 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33767 |
64 | Microsoft Windows Storage permissions and access control issue vulnerability | CNNVD-202107-841 | CVE-2021-33751 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33751 |
65 | Microsoft Windows Installer permissions and access control issue vulnerability | CNNVD-202107-842 | CVE-2021-34511 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34511 |
66 | Microsoft Office Sharepoint Server code injection vulnerability | CNNVD-202107-845 | CVE-2021-34520 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34520 |
67 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-850 | CVE-2021-33750 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33750 |
68 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-853 | CVE-2021-33752 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33752 |
69 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-854 | CVE-2021-33756 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33756 |
70 | Microsoft Windows DNS code injection vulnerability | CNNVD-202107-855 | CVE-2021-33749 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33749 |
71 | Microsoft Dynamics Business Central code injection vulnerability | CNNVD-202107-856 | CVE-2021-34474 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34474 |
72 | Microsoft Visual Studio Code code injection vulnerability | CNNVD-202107-857 | CVE-2021-34528 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34528 |
73 | Microsoft Visual Studio Code code injection vulnerability | CNNVD-202107-859 | CVE-2021-34529 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34529 |
74 | Microsoft Windows Defender code injection vulnerability | CNNVD-202107-861 | CVE-2021-34464 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34464 |
75 | Microsoft Windows Defender code injection vulnerability | CNNVD-202107-863 | CVE-2021-34522 | High | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34522 |
76 | Microsoft Office SharePoint code injection vulnerability | CNNVD-202107-721 | CVE-2021-34467 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34467 |
77 | Microsoft Windows Storage information disclosure vulnerability | CNNVD-202107-732 | CVE-2021-34509 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34509 |
78 | Microsoft Windows Remote Assistance information disclosure vulnerability | CNNVD-202107-734 | CVE-2021-34507 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34507 |
79 | Microsoft Windows Kernel information disclosure vulnerability | CNNVD-202107-737 | CVE-2021-34500 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34500 |
80 | Microsoft Windows DNS input validation error vulnerability | CNNVD-202107-738 | CVE-2021-34499 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34499 |
81 | Microsoft Windows Storage Spaces Controller permissions and access control issue vulnerability | CNNVD-202107-739 | CVE-2021-34513 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34513 |
82 | Microsoft Exchange Server information disclosure vulnerability | CNNVD-202107-744 | CVE-2021-33766 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33766 |
83 | Microsoft Exchange Server code injection vulnerability | CNNVD-202107-746 | CVE-2021-31196 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31196 |
84 | Microsoft Windows MSHTML Platform code injection vulnerability | CNNVD-202107-758 | CVE-2021-34497 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34497 |
85 | Microsoft Graphics Components information disclosure vulnerability | CNNVD-202107-759 | CVE-2021-34496 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34496 |
86 | Microsoft Windows Partition Management Driver permissions and access control issue vulnerability | CNNVD-202107-761 | CVE-2021-34493 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34493 |
87 | Microsoft Win32k information disclosure vulnerability | CNNVD-202107-763 | CVE-2021-34491 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34491 |
88 | Microsoft Windows Hello security feature issue vulnerability | CNNVD-202107-770 | CVE-2021-34466 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34466 |
89 | Microsoft Windows AppContainer permissions and access control issue vulnerability | CNNVD-202107-775 | CVE-2021-34459 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34459 |
90 | Microsoft Windows Remote Access Connection Manager information disclosure vulnerability | CNNVD-202107-777 | CVE-2021-34457 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34457 |
91 | Microsoft Windows Shell information disclosure vulnerability | CNNVD-202107-780 | CVE-2021-34454 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34454 |
92 | Microsoft Windows MSHTML Platform code injection vulnerability | CNNVD-202107-784 | CVE-2021-34447 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34447 |
93 | Microsoft Windows DNS input validation error vulnerability | CNNVD-202107-789 | CVE-2021-34444 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34444 |
94 | Microsoft Windows tcp/ip input validation error vulnerability | CNNVD-202107-794 | CVE-2021-31183 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31183 |
95 | Microsoft Graphics Components information disclosure vulnerability | CNNVD-202107-797 | CVE-2021-34440 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34440 |
96 | Microsoft Windows Installer permissions and access control issue vulnerability | CNNVD-202107-807 | CVE-2021-31961 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31961 |
97 | Microsoft Projected File System permissions and access control issue vulnerability | CNNVD-202107-813 | CVE-2021-33743 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33743 |
98 | Microsoft Hyper-V input validation error vulnerability | CNNVD-202107-814 | CVE-2021-33758 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33758 |
99 | Microsoft Hyper-V input validation error vulnerability | CNNVD-202107-816 | CVE-2021-33755 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33755 |
100 | Microsoft Windows Authenticode security vulnerability | CNNVD-202107-820 | CVE-2021-33782 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33782 |
101 | Microsoft Windows SMB information disclosure vulnerability | CNNVD-202107-821 | CVE-2021-33783 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33783 |
102 | Microsoft Windows DNS input validation error vulnerability | CNNVD-202107-822 | CVE-2021-33745 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33745 |
103 | Microsoft Windows Installer security vulnerability | CNNVD-202107-825 | CVE-2021-33765 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33765 |
104 | Microsoft Windows security feature issue vulnerability | CNNVD-202107-828 | CVE-2021-33744 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33744 |
105 | Microsoft Bing security vulnerability | CNNVD-202107-830 | CVE-2021-33753 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33753 |
106 | Microsoft Windows Remote Access Connection Manager permissions and access control issue vulnerability | CNNVD-202107-832 | CVE-2021-33773 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33773 |
107 | Microsoft Windows Security Account Manager security feature issue vulnerability | CNNVD-202107-833 | CVE-2021-33757 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33757 |
108 | Microsoft Windows Remote Access Connection Manager information disclosure vulnerability | CNNVD-202107-834 | CVE-2021-33763 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33763 |
109 | Microsoft Windows Codecs information disclosure vulnerability | CNNVD-202107-838 | CVE-2021-33760 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33760 |
110 | Microsoft Windows Key Distribution Center information disclosure vulnerability | CNNVD-202107-846 | CVE-2021-33764 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 |
111 | Microsoft Office Sharepoint Server information disclosure vulnerability | CNNVD-202107-848 | CVE-2021-34519 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34519 |
112 | Microsoft Visual Studio Code security vulnerability | CNNVD-202107-849 | CVE-2021-34479 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34479 |
113 | Microsoft Office Sharepoint Server security vulnerability | CNNVD-202107-851 | CVE-2021-34517 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34517 |
114 | Microsoft Office Sharepoint Server code injection vulnerability | CNNVD-202107-852 | CVE-2021-34468 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34468 |
115 | Microsoft Visual Studio Code permissions and access control issue vulnerability | CNNVD-202107-866 | CVE-2021-34477 | Medium | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34477 |
116 | Microsoft Office security vulnerability | CNNVD-202107-840 | CVE-2021-34451 | Low | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34451 |
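IV. Remediation Recommendations
Microsoft has released patches that fix the vulnerabilities above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.
Official Microsoft patch download address: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Ju
Note: Windows Update patch installation may fail because of network problems, the state of the computer environment, and similar causes. After installing patches, users should check promptly whether they were applied successfully. Right-click the Windows icon, choose "Settings (N)", then "Update & Security" - "Windows Update", and review the status messages on that page; you can also click "View update history" to see past updates. For an update that did not install successfully, click the update name to go to the official Microsoft download page; users are advised to follow the link on that page to the "Microsoft Update Catalog" site, then download and install the standalone package.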
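The same check can be scripted instead of clicked through. The following PowerShell is an added example, not part of the original advisory: it reads the update history through the Windows Update Agent COM API and lists installations whose most recent attempt did not succeed, with a Microsoft Update Catalog search link for each. The `$Since` cutoff date and the output property names are assumptions chosen for illustration.

```powershell
# Added example: report Windows Update installations that did not succeed.
# Run on the host being checked; no KB numbers are assumed, they are read
# from the update titles recorded in the local update history.
param(
    # Assumed cutoff: only look at install attempts on or after this date.
    [datetime]$Since = '2021-07-01'
)

# OperationResultCode values of the Windows Update Agent API.
$resultText = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    Write-Warning 'Update history is empty; nothing to check.'
    return
}

# History entries carry UTC timestamps; Operation 1 = installation.
$cutoffUtc = $Since.ToUniversalTime()
$attempts = $searcher.QueryHistory(0, $total) |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $cutoffUtc } |
    ForEach-Object {
        $kb = if ($_.Title -match 'KB\d+') { $Matches[0] } else { $null }
        [pscustomobject]@{
            DateUtc = $_.Date
            KB      = $kb
            # Group by KB when the title has one, otherwise by full title.
            Key     = if ($kb) { $kb } else { $_.Title }
            Result  = $resultText[[int]$_.ResultCode]
            HResult = '0x{0:X8}' -f $_.HResult
            Title   = $_.Title
        }
    }

# An update can fail once and succeed on retry, so judge each update by its
# latest attempt only.
$needsAttention = $attempts |
    Group-Object Key |
    ForEach-Object { $_.Group | Sort-Object DateUtc -Descending | Select-Object -First 1 } |
    Where-Object { $_.Result -ne 'Succeeded' }

if (-not $needsAttention) {
    Write-Output "All update installations since $($Since.ToString('yyyy-MM-dd')) ended in 'Succeeded'."
    return
}

$needsAttention | ForEach-Object {
    # Standalone packages are published on the Microsoft Update Catalog.
    $catalog = if ($_.KB) {
        "https://www.catalog.update.microsoft.com/Search.aspx?q=$($_.KB)"
    } else { '(no KB number in title)' }
    [pscustomobject]@{
        DateUtc = $_.DateUtc
        KB      = $_.KB
        Result  = $_.Result
        HResult = $_.HResult
        Catalog = $catalog
        Title   = $_.Title
    }
} | Format-List
```

An empty result only means no recorded attempt failed; an update that was never offered to the host does not appear in the history at all.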