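Publication ID: TACERT-ANA-2023051601053838
Published: 2023-05-16 13:25:38
Incident type: ANA-Vulnerability Alert
Discovered: 2023-05-16 11:59:38
Impact level: Low
[Subject:]
[Vulnerability Alert] Microsoft has released its May security updates, fixing three zero-day vulnerabilities (CVE-2023-29325, CVE-2023-29336 and CVE-2023-24932) and two high-risk vulnerabilities (CVE-2023-24941 and CVE-2023-24943). Two of these vulnerabilities have already been exploited by attackers. Please verify and apply the updates, or evaluate and adopt mitigation measures, as soon as possible.
[Description:]
Forwarded from the National Information Sharing and Analysis Center, NISAC-ANA-202305-0234
In its May security updates, Microsoft fixed a total of three zero-day vulnerabilities and two high-risk vulnerabilities with a CVSS score of 9.8. Please verify and apply the updates, or evaluate and adopt mitigation measures, as soon as possible.
1. CVE-2023-29325 (CVSS 8.1) is a remote code execution vulnerability. An attacker can send a specially crafted e-mail; when the victim opens or previews the malicious RTF document in Outlook, the vulnerability is triggered, resulting in remote execution of arbitrary code.
2. CVE-2023-29336 (CVSS 7.8) is an elevation of privilege vulnerability that has already been exploited by attackers. It occurs in the Win32K driver and allows an authenticated attacker to obtain SYSTEM privileges.
3. CVE-2023-24932 (CVSS 6.7) is a security feature bypass vulnerability that has already been exploited by attackers. It allows an attacker who has already obtained local administrative privileges to bypass the Windows Secure Boot check, evading detection or attempting to make malware persist on the system.
4. CVE-2023-24941 (CVSS 9.8) is a remote code execution vulnerability. It allows an unauthenticated remote attacker to send forged requests to the Network File System (NFS), resulting in remote execution of arbitrary code.
5. CVE-2023-24943 (CVSS 9.8) is a remote code execution vulnerability. It allows an attacker to achieve remote execution of arbitrary code by sending a malicious file to a Pragmatic General Multicast server environment in which the Message Queuing Service is enabled.
[Affected platforms:]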
● Windows 10 for 32-bit Systems
● Windows 10 for x64-based Systems
● Windows 10 Version 1607 for 32-bit Systems
● Windows 10 Version 1607 for x64-based Systems
● Windows 10 Version 1809 for 32-bit Systems
● Windows 10 Version 1809 for ARM64-based Systems
● Windows 10 Version 1809 for x64-based Systems
● Windows 10 Version 20H2 for 32-bit Systems
● Windows 10 Version 20H2 for ARM64-based Systems
● Windows 10 Version 20H2 for x64-based Systems
● Windows 10 Version 21H2 for 32-bit Systems
● Windows 10 Version 21H2 for ARM64-based Systems
● Windows 10 Version 21H2 for x64-based Systems
● Windows 10 Version 22H2 for 32-bit Systems
● Windows 10 Version 22H2 for ARM64-based Systems
● Windows 10 Version 22H2 for x64-based Systems
● Windows 11 version 21H2 for ARM64-based Systems
● Windows 11 version 21H2 for x64-based Systems
● Windows 11 Version 22H2 for ARM64-based Systems
● Windows 11 Version 22H2 for x64-based Systems
● Windows Server 2008 for 32-bit Systems Service Pack 2
● Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 for x64-based Systems Service Pack 2
● Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
● Windows Server 2008 R2 for x64-based Systems Service Pack 1
● Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
● Windows Server 2012
● Windows Server 2012 (Server Core installation)
● Windows Server 2012 R2
● Windows Server 2012 R2 (Server Core installation)
● Windows Server 2016
● Windows Server 2016 (Server Core installation)
● Windows Server 2019
● Windows Server 2019 (Server Core installation)
● Windows Server 2022
● Windows Server 2022 (Server Core installation)
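[Recommended actions:]
Microsoft has released fixed versions for these vulnerabilities. Agencies may contact their system maintenance vendors to apply the patches, or refer to the following links for mitigations and to obtain the patches: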
1.https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29325
2.https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336
3.https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24932
4.https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24941
5.https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24943
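To help prioritise patching, the following read-only PowerShell function reports whether a host runs the services named in the description above (Message Queuing for CVE-2023-24943, the NFS server role for CVE-2023-24941), whether Secure Boot is enabled (CVE-2023-24932), and the most recent installed update. It is an added example, not part of the original advisory or Microsoft's guidance; the function name `Get-AdvisoryExposure` is hypothetical, and it assumes Windows 8 / Windows Server 2012 or later and an elevated session.

```powershell
# Added example (not from the advisory): read-only exposure triage for the
# services this advisory names. Get-AdvisoryExposure is a hypothetical name.
# Assumes Windows 8 / Server 2012 or later, run from an elevated session.
function Get-AdvisoryExposure {
    $result = [ordered]@{ Computer = $env:COMPUTERNAME }

    # CVE-2023-24943 applies where the Message Queuing service is enabled.
    $msmq = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $result.MsmqService = if ($msmq) { "$($msmq.Status)" } else { 'NotInstalled' }

    # TCP 1801 is the default Message Queuing listener port.
    $listener = Get-NetTCPConnection -State Listen -LocalPort 1801 -ErrorAction SilentlyContinue
    $result.MsmqListening1801 = [bool]$listener

    # CVE-2023-24941 applies where the host serves NFS. Get-WindowsFeature
    # exists only on Windows Server, so client editions report N/A.
    if (Get-Command -Name Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $nfs = Get-WindowsFeature -Name 'FS-NFS-Service'
        $result.NfsServerRole = [bool]($nfs -and $nfs.Installed)
    } else {
        $result.NfsServerRole = 'N/A (not a Windows Server edition)'
    }

    # CVE-2023-24932 concerns Secure Boot. Confirm-SecureBootUEFI throws on
    # legacy BIOS systems or when the session is not elevated.
    try { $result.SecureBootEnabled = Confirm-SecureBootUEFI }
    catch { $result.SecureBootEnabled = 'Unknown (legacy BIOS or not elevated)' }

    # Most recent installed update, to compare against the May 2023 release.
    # InstalledOn can be empty for some entries, so those are filtered out.
    $latest = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $result.LatestHotFix = if ($latest) {
        '{0} ({1:yyyy-MM-dd})' -f $latest.HotFixID, $latest.InstalledOn
    } else {
        'None reported'
    }

    [pscustomobject]$result
}

Get-AdvisoryExposure | Format-List
```

A host that reports a running MSMQ service or an installed NFS server role and whose latest update predates the May 2023 release should be patched first; the KB numbers for each platform are listed on the MSRC pages linked above.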
[References:]
1. https://www.zerodayinitiative.com/blog/2023/5/8/the-may-2023-security-update-review
3. https://msrc.microsoft.com/update-guide/releaseNote/2023-May
4. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29325
5. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336
6. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24932
7. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24941
8. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24943
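(This notice is provided for information only and does not report a security incident.) If you have questions about the content of this notice or suggestions regarding this matter, please contact us.
Taiwan Academic Network Computer Emergency Response Team (TACERT)
Website: https://info.cert.tanet.edu.tw/
Hotline: 07-5250211
VoIP phone: 98400000
E-Mail: service@cert.tanet.edu.tw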